Packaging provider DS Smith recognises that cyber is a dynamic risk that demands ongoing evaluation – and traditional insurance modelling wasn’t delivering the goods. A new partnership offers innovative, proactive solutions that mean the difference between merely transferring risk and actually preventing loss. Sara Benwell reports.

DS Smith is a FTSE 100 listed company specialising in packaging solutions for a broad range of sectors, including fast-moving consumer goods.

With a huge presence across Europe and a significant footprint in the US, the company deals heavily in corrugated cardboard. It owns paper mills to manage the supply chain and operates significant recycling businesses.

As Tony Dimond, head of risk at DS Smith, put it: “If you get a cardboard box delivered to you in Europe, it’s probably been produced by DS Smith.”

packaging

SELLERS OF RISK

In a world where cyber threats are more pervasive and damaging than ever, staying ahead of constantly evolving attacks is critical for businesses. However, the traditional cyber insurance market was creating challenges for DS Smith.

As cyber threats evolved, so did the complexity of the questions insurers were asking. Worse, the methods of assessing risk were opaque and inconsistent, and didn’t appear to recognise the effort and investments to mitigate or reduce exposures.

Dimond says: “We don’t see ourselves as buyers of insurance, rather sellers of our risk. So, when insurers ask us all these questions, we want to know how they’re assessing our risk. Every year we were getting more and more questions, with little insight on what risks might have greatest relevance to our business.”

At the same time, the cyber insurance premiums were climbing, but the quality of data and insights provided by carriers was declining. DS Smith wanted active engagement from its carriers. The risk team saw cyber as a dynamic risk requiring ongoing evaluation.

There was a disconnect with carriers; it was clear that traditional insurance modelling wasn’t aligned with its cybersecurity investments and risk profile.

“We don’t see ourselves as buyers of insurance, rather sellers of our risk”

A NEW PARTNERSHIP

DS Smith decided it was time to take control and find an insurance partner that understood the significant investments it had made in cybersecurity and priced coverage accordingly. 

The company turned to its key insurer contacts to look for an innovative solution, and Intangic was introduced as a possible partner. DS Smith was particularly interested in the platform’s incident pre-warning technology, which could assess the components of cyber risk and focus on specific areas of probable future attacks, allowing the company to act and avoid costly and damaging incidents.

Asif Shah, risk and insurance manager at DS Smith, says: “When we started working with Intangic, we got a service providing pre-incident warnings, which could supplement our insurance and give us a more innovative way to do risk modelling. This allowed us to signpost possible future problems and allocate resources to address those issues. And that’s completely different to how the cyber market was evolving.”

WHY TAKE A RESILIENCE APPROACH TO CYBER RISK MANAGEMENT?

  1. Data-driven decisions: Intangic’s platform provided the data DS Smith needed to make quantifi able risk assessments, removing emotion and making logical decisions based on facts, benchmarked against the industry.
  2. Holistic risk management: The approach shifted from just dealing with isolated incidents to understanding the broader risk landscape.
  3. Enhanced communication: The partnership bridged gaps between the risk and cybersecurity teams, allowing both to provide scenarios to the board and executives with more confi dence.
  4. Proactive mitigation: Early warnings allow DS Smith to act before a small issue escalates into a signifi cant problem, allowing for true loss prevention.
  5. Autonomy and comtrol: By having their own data and risk models, DS Smith can sell their risk more eff ectively. Dimond said: “Now we are shaping our own destiny with carriers aligned with our approach to managing cyber risk.”

A PATHWAY TO BETTER PROTECTION

From the beginning, the collaboration with Intangic was about shifting focus from merely transferring risk to preventing loss, and DS Smith valued the fact that the platform provided quantifiable data to make better-informed decisions.

Dimond says: “We didn’t want to duplicate what our CISO already had access to, nor did we want to use a security solution as a proxy for a risk management solution. We needed to evaluate our risk relative to our key technology areas and make informed decisions on what to prioritise.”

And DS Smith has already seen tangible results. DS Smith group CISO Steve Collins comments: “The CISO needs to work closely with their risk teams on cyber insurance. Working with Tony and his team has led to better cover, often at lower costs, introducing different, and complementary, tooling: a win-win all round.”

This partnership is evolving and is now helping the risk team better analyse its supplier cyber risks, prioritise areas of vulnerability and help develop appropriate mitigation strategies.

“Working with Tony and his team has led to better cover, often at lower costs, introducing different, and complementary, tooling: a win-win all round.”

LEVERAGING THE CAPTIVE

DS Smith already had an established captive dedicated to handling cyber risk before partnering with Intangic, but how they assessed risks internally has changed dramatically as a result of the partnership.

Dimond explains: “We were concerned about how to price our risk on our profile alone. We asked for help. What we received was of little value for a business that needed a robust pricing methodology. Now, with the help of Intangic’s data, we have our own underwriting model and assessment process. We can justify why the captive should take the risk rather than trying to find a carrier whose risk portfolio matches ours.”

More importantly, it allowed them to approach insurers with well-quantified risk profiles, thus avoiding inflated premiums for the risk. Dimond says: “We had some ridiculous pricing from certain insurers in previous years; for some it was purely opportunistic. Fortunately, we had the gravitas to say: ‘No, we want to do it a different way’.”

DS Smith’s new approach to cyber risk management illustrates the importance of innovation and being proactive. Partnering with Intangic has not only helped the packaging company to spot threats on the horizon, but also reshaped how they assess and manage those risks. Intangic’s CEO, Ryan Doddz, concludes: “We want our platform to be something that customers love, and the feedback and collaboration with DS Smith has been invaluable.”