DS Smith: Innovating Cyber Risk Management in the Packaging Industry

DS Smith, a prominent player in the packaging solutions sector, is a FTSE 100 listed company that specializes in providing innovative packaging for a diverse range of industries, particularly fast-moving consumer goods (FMCG). With a robust presence across Europe and a growing footprint in the United States, DS Smith is a leader in corrugated cardboard production. The company not only operates its own paper mills to ensure a steady supply chain but also runs significant recycling businesses, emphasizing sustainability in its operations. As Tony Dimond, head of risk at DS Smith, aptly states, “If you get a cardboard box delivered to you in Europe, it’s probably been produced by DS Smith.”

Navigating the Cyber Insurance Landscape

In an era where cyber threats are increasingly sophisticated and damaging, businesses must remain vigilant and proactive in their risk management strategies. However, DS Smith faced significant challenges in the traditional cyber insurance market. As cyber threats evolved, so did the complexity of the questions posed by insurers. The methods of assessing risk became opaque and inconsistent, often failing to recognize the substantial investments DS Smith had made to mitigate these risks.

Dimond emphasizes this point: “We don’t see ourselves as buyers of insurance, rather sellers of our risk.” This perspective highlights the disconnect between DS Smith and traditional insurers, who were not aligned with the company’s cybersecurity investments and risk profile. As premiums for cyber insurance continued to rise, the quality of data and insights provided by carriers diminished, leaving DS Smith seeking a more engaged and informed partnership.

A New Partnership for Enhanced Risk Management

Recognizing the need for a more tailored approach to cyber risk management, DS Smith sought an insurance partner that could appreciate the significant investments it had made in cybersecurity. The company turned to its key insurer contacts and discovered Intangic, a platform that offered innovative solutions for assessing and managing cyber risk.

One of the standout features of Intangic’s platform is its incident pre-warning technology, which allows organizations to assess the components of cyber risk and focus on areas most susceptible to future attacks. Asif Shah, risk and insurance manager at DS Smith, explains, “When we started working with Intangic, we got a service providing pre-incident warnings, which could supplement our insurance and give us a more innovative way to do risk modeling.” This proactive approach enables DS Smith to allocate resources effectively and address potential issues before they escalate into significant problems.

Why a Resilience Approach Matters

The partnership with Intangic has allowed DS Smith to adopt a resilience approach to cyber risk management, which offers several key benefits:

1. Data-Driven Decisions: Intangic’s platform provides the data necessary for quantifiable risk assessments, enabling DS Smith to make logical decisions based on facts rather than emotions.

2. Holistic Risk Management: The collaboration has shifted the focus from isolated incidents to a broader understanding of the risk landscape, allowing for more comprehensive risk management strategies.

3. Enhanced Communication: The partnership has bridged gaps between the risk and cybersecurity teams, fostering better communication and collaboration in presenting scenarios to the board and executives.

4. Proactive Mitigation: With early warnings, DS Smith can act swiftly to prevent small issues from escalating into major problems, leading to true loss prevention.

5. Autonomy and Control: By leveraging their own data and risk models, DS Smith can effectively sell their risk to insurers, aligning their approach with their risk management strategies.

A Pathway to Better Protection

From the outset, the collaboration with Intangic was centered around shifting the focus from merely transferring risk to actively preventing loss. Dimond notes, “We didn’t want to duplicate what our CISO already had access to, nor did we want to use a security solution as a proxy for a risk management solution.” This clarity of purpose has allowed DS Smith to evaluate its risk relative to key technology areas and make informed decisions on prioritization.

The results of this partnership have been tangible. Steve Collins, DS Smith’s group CISO, highlights the benefits of collaboration: “The CISO needs to work closely with their risk teams on cyber insurance. Working with Tony and his team has led to better cover, often at lower costs, introducing different, and complementary, tooling: a win-win all round.” This evolving partnership is now enabling the risk team to better analyze supplier cyber risks, prioritize vulnerabilities, and develop effective mitigation strategies.

Leveraging the Captive for Cyber Risk

Before partnering with Intangic, DS Smith had already established a captive dedicated to managing cyber risk. However, the way they assessed risks internally has transformed dramatically. Dimond explains, “We were concerned about how to price our risk on our profile alone. We asked for help. What we received was of little value for a business that needed a robust pricing methodology.”

With Intangic’s data, DS Smith has developed its own underwriting model and assessment process, allowing them to justify why the captive should take on certain risks rather than relying on external carriers. This newfound capability has empowered DS Smith to approach insurers with well-quantified risk profiles, avoiding inflated premiums and ensuring fair pricing.

Conclusion: Shaping the Future of Cyber Risk Management

DS Smith’s innovative approach to cyber risk management underscores the importance of proactive strategies in an ever-evolving threat landscape. By partnering with Intangic, the company has not only enhanced its ability to identify and mitigate risks but has also reshaped its overall risk management framework. As Intangic’s CEO, Ryan Doddz, concludes, “We want our platform to be something that customers love, and the feedback and collaboration with DS Smith has been invaluable.”

In a world where cyber threats are a constant reality, DS Smith’s journey illustrates the power of collaboration, innovation, and a resilience-focused approach to safeguarding business operations and ensuring long-term success.