Founded in 1986 in London, England, Pret A Manger has grown into a global business with more than 500 stores in seven markets around the world. Driving these worldwide operations in an efficient way requires tight integration with a large network of suppliers, and Pret relies on digital integration to exchange data securely with its community of B2B trading partners.
When it comes to protecting commercially sensitive data, Pret knows that maintaining a strong security posture extends far beyond the systems and processes for transmitting its data to suppliers. Under the General Data Protection Regulation (GDPR), companies are responsible for their third-party providers and suppliers. And with an estimated 4.5 billion records lost to cyber security breaches in 2018 alone, ensuring that suppliers are managing data in a secure and compliant way is a key priority.
In the past, Pret relied on manual approaches to security, compliance and business risk reporting, which required its information security experts to gather data from multiple systems and manually collate supplier questionnaires. As well as consuming significant amounts of time, this approach meant Pret lacked a real-time view of cyber exposure across its trading partner portfolio.
To solve the challenge, Pret targeted an approach that could deliver a continuous feed of accurate cyber risk threat information on its hundreds of global suppliers. The aim was to supply Pret’s information security and procurement teams with rich, detailed cyber risk assessment and management information—supporting faster, better-informed decision-making.
To deliver a 360-degree view of cyber threats across its supplier ecosystem, Pret selected RiskXchange from Northdoor—an IBM Watson AI-powered security and compliance risk management platform. By automatically scanning for high-risk attack vectors such as open ports, security patching weaknesses and incomplete SSL chains, RiskXchange provides real-time cyber ratings that allow companies to quickly, easily and cost-effectively review their security exposure, without the cost and effort of manual questionnaires.
Working with expert consultants from Northdoor, Pret established a GDPR-aware security and compliance governance framework, and configured the RiskXchange platform to support the new way of working. In parallel, Northdoor helped Pret to design, build and test custom risk assessments and risk scoring methodologies—helping to ensure that the new platform would support its diverse community of suppliers. And by tightly integrating the RiskXchange platform with its supplier onboarding systems, Pret now seamlessly incorporates real-time cyber insights into its assessment process for new vendors.
Today, the Northdoor solution provides Pret’s security and procurement teams with timely, structured and granular reporting capabilities. Management dashboards—combined with the ability to create ad hoc reports instantly at the touch of a button—help Pret satisfy the needs of its senior management teams without the need for time-consuming manual processes.
With the RiskXchange platform driving its new approach to cyber risk management, Pret can exchange information with suppliers confident in the knowledge that it will be handled and processed in a secure, compliant way.
Equipped with fine-grained insights into security, compliance and business risks across its trading partner community, Pret can now make faster, better-informed decisions about the data it shares with each of its suppliers. And by eliminating the need for manual work, the company’s information security experts are now free to spend more of their time on value-added activities—contributing to a stronger security posture overall.
RiskXchange is also tightly integrated into Pret’s assessment process for new vendors, accelerating the process dramatically. In the past, gathering, analysing and reporting on the risk profiles of potential suppliers was a manual, time-intensive process that could take months to complete. Today, RiskXchange scoring empowers Pret to make well-informed decisions about supplier risks within a matter of days.
Crucially, Pret has gained these advanced, real-time capabilities without sending its operational expenditure soaring. Compared to a similar solution delivered by a professional services organisation, the total cost of ownership for RiskXchange is up to 75 percent lower. And because RiskXchange is an AI-powered solution, it can provide deep insights into areas such as security posture and security maturity without the need for human input.