Pandora

Improving Pandora’s global cybersecurity strategy

In 2020, the jewelry retailer Pandora began to undergo a 360-degree assessment of their cybersecurity posture and hygiene in the midst of massive cybersecurity upheaval. The new Information Security Director, Thomas Zuliani, along with the cybersecurity team of three people, turned to BitSight as part of their new cybersecurity plan.

“BitSight was a key part of our plan because it allowed us to understand where we were starting from,” says Zuliani. “We were eager to improve our cybersecurity maturity, and it was easy to select BitSight as a partner because we all saw that it was a good way to show to the C-level our Pandora maturity from the outside world. It facilitates an easier conversation around financial risk, something the Board and C-levels could easily understand.”

"When you have good tools, great processes, and excellent people, you can have a better cybersecurity program and overall hygiene. BitSight facilitates the conversation with our top management, since it is easier for them to understand Cybersecurity from a risk-based approach."

Thomas Zuliani
Information Security Director, Pandora

Starting with a team of just 3 people, Pandora began by building a plan around improving their posture. Zuliani and his team defined three key areas to build out the team and process: 

  1. Information Security Governance to manage policies and standards
  2. Security Operations to manage activities
  3. Security Architecture & Resilience to identify areas of improvement 

The cybersecurity team quickly recognized BitSight as a critical KPI to track maturity, fix issues, and show to key stakeholders how the team manages cybersecurity. Over the course of their first year using BitSight Security Performance Management (SPM) to identify gaps and fix controls, Pandora saw their Security Rating increase significantly. Not only that, but the team began to have more productive conversations with the C-level about how Pandora compares to peers, financial risks, and how accounting firms see them.
 
“Once a year, one of the primary accounting firms evaluates our maturity,” explains Zuliani. “BitSight has made those conversations easier because they understand BitSight and are excited we use it. It’s kind of like checking a box for them.”

Since starting the process in 2020, Zuliani’s team grew from 3 to 25. Looking forward, Pandora has begun working with the BitSight Advisors team to help set targets and create action plans to continue improving and maturing their cybersecurity posture. 
 
As a retailer with thousands of franchises, Pandora headquarters needs to have full control over the different franchises’ hygiene controls, since each entity’s performance impacts Pandora’s overall rating. In addition, Pandora's security team uses a centralized, global strategy (from support to management) that can make it challenging to understand remediation scope. With tailored training and support from the BitSight Advisors team, Zuliani’s team is developing a strategy to combat this challenge and build a plan to improve ratings and prioritization efforts.
 
“I get very tailored service with BitSight Advisors and their support overall has been very insightful,” says Zuliani.