Discover how global retailer Pret A Manger shrinks its supplier risks with a granular, real-time view of cyber exposure

Founded in 1986 in London, England, Pret A Manger has grown into a global business with more than 500 stores in seven markets around the world. Driving these worldwide operations in an efficient way requires tight integration with a large network of suppliers, and Pret relies on digital integration to exchange data securely with its community of B2B trading partners.

When it comes to protecting commercially sensitive data, Pret knows that maintaining a strong security posture extends far beyond the systems and processes for transmitting its data to suppliers. Under the General Data Protection Regulation (GDPR), companies are responsible for their third-party providers and suppliers. And with an estimated 4.5 billion records lost to cyber security breaches in 2018 alone, ensuring that suppliers are managing data in a secure and compliant way is a key priority.

In the past, Pret relied on manual approaches to security, compliance and business risk reporting, which required its information security experts to gather data from multiple systems and manually collate supplier questionnaires. As well as consuming significant amounts of time, this approach meant Pret lacked a real-time view of cyber exposure across its trading partner portfolio.

Alan Cain, Head of Security, Pret A Manger, says, “It takes huge amounts of time and effort to work out your exposure to third-party risk. Even then, if you look only at the first link in the chain, you have no visibility of the complex web of risk that radiates out to your partners’ business partners, and to their business partners in turn.”

To solve the challenge, Pret targeted an approach that could deliver a continuous feed of accurate cyber risk and threat information on its hundreds of global suppliers. The aim was to supply Pret’s information security and procurement teams with rich, detailed cyber risk assessment and management information—supporting faster, better-informed decision-making.

Gaining real-time insights

To deliver a 360-degree view of cyber threats across its supplier ecosystem, Pret selected RiskXchange from Northdoor—an AI-powered security and compliance risk management platform. By automatically scanning for high-risk attack vectors such as open ports, security patching weaknesses and incomplete SSL chains, RiskXchange provides real-time cyber ratings that allow companies to quickly, easily and cost-effectively review their security exposure – without the cost and effort of manual questionnaires.

Alan Cain says, “Northdoor knows our environment well and has a good understanding of our business and strategic priorities, so they were the logical choice of partner for this project.”

Working with expert consultants from Northdoor, Pret established a GDPR-aware security and compliance governance framework, and configured the RiskXchange platform to support the new way of working. In parallel, Northdoor helped Pret to design, build and test custom risk assessments and risk scoring methodologies—helping to ensure that the new platform would support its diverse community of suppliers. And by tightly integrating the RiskXchange platform with its supplier onboarding systems, Pret now seamlessly incorporates real-time cyber insights into its assessment process for new vendors.

Today, the Northdoor solution provides Pret’s security and procurement teams with timely, structured and granular reporting capabilities. Management dashboards—combined with the ability to create ad hoc reports instantly at the touch of a button—help Pret satisfy the needs of its senior management teams without the need for time-consuming manual processes.

“We wanted a solution that could offer us deep cyber security management insights for all of our suppliers in real time—and the RiskXchange solution from Northdoor delivered on all of our key requirements. Working with the Northdoor team on the implementation process was an extremely positive experience, and it was clear from the outset that they were prepared to go the extra mile to ensure the project was a success.”

Driving cost-effective compliance

With the RiskXchange platform driving its new approach to cyber risk management, Pret can exchange information with suppliers confident in the knowledge that it will be handled and processed in a secure, compliant way.

Equipped with fine-grained insights into security, compliance and business risks across its trading partner community, Pret can now make faster, better-informed decisions about the data it shares with each of its suppliers. And by eliminating the need for manual work, the company’s information security experts are now free to spend more of their time on value-added activities—contributing to a stronger security posture overall.

RiskXchange is also tightly integrated into Pret’s assessment process for new vendors, accelerating the process dramatically. In the past, gathering, analysing and reporting on the risk profiles of potential suppliers was a manual, time-intensive process that could take months to complete. Today, RiskXchange scoring empowers Pret to make well-informed decisions about supplier risks within a matter of days.

“With RiskXchange, we have seen the time taken to assess third-party companies cut in half and we no longer have to manually approach our due diligence,” says Alan Cain.


Crucially, Pret has gained these advanced, real-time capabilities without sending its operational expenditure soaring. Compared to a similar solution delivered by a professional services organisation, the total cost of ownership for RiskXchange is up to 75 percent lower. And because RiskXchange is an AI-powered solution, it can provide deep insights into areas such as security posture and security maturity without the need for human input.

Alan Cain says, “Our global business runs on trust—and with RiskXchange from Northdoor driving our cyber risk management strategy, we’ve gained the real-time insights we need to ensure our suppliers are trustworthy custodians of our sensitive data.”