The Situation

The levels of information security risk across federated SABMiller’s landscape varied. There was lack of consistently applied policies and information security measures. The information security awareness amongst the company leadership was inadequate.

The Task

To stabilise the risk profile at an acceptable level and ensure that the risk level stays so in the environment of ever-changing security threats.

The Action / Approach

Defined the strategy for improvement of SABMiller’s information security broadly based on ITSF domains and benchmarks across all 70 SABMiller’s markets. This was overseen by the Global Executive Committee and successfully implemented in 2012-2015.

The Result

The implementation brought SABMiller from the tail of FMCG companies to a pragmatic leadership position in information security.