Case Study | Retail

XM Cyber Helps Global Retail Giant:
Secure Rapidly Expanding Infrastructure

Ilaria Buonagurio
Head of Corporate Information Security Prevention Offices

Get a Demo

  • Industry

    Retail

  • Employees

    80,000

  • Objective

    Designing, manufacturing, and selling products across B2B and B2C channels with a focus on innovation, quality, and customer experience.

Download the PDF

The Challenge: Prioritizing Risk Across a Diverse, Expanding Estate

The company’s rapid global growth, fueled by frequent acquisitions, created a highly diverse and complex IT environment. The security team relied on multiple tools, yet struggled to standardize security measures and prioritize risks effectively. This led to paralysis by volume; as Ilaria Buonagurio, Head of Corporate Information Security Prevention, notes, “We had thousands of critical vulnerabilities but no way to know which ones truly mattered.”

Without prioritization, everything appeared urgent, which created friction with IT teams who resisted changes that might disrupt the business. Compounding the challenge, integrating newly acquired companies introduced unknown vulnerabilities into the environment. Furthermore, the security team struggled to show tangible evidence of risk reduction to senior leadership, making it challenging to secure continued investment. The retailer needed an integrated view of its security posture that could clearly identify which vulnerabilities posed a real attack risk and provide tangible evidence of security improvements.

The Solution: Continuous Risk Reduction with Attack Path Prioritization

The company selected XM Cyber for its unique ability to interconnect exposures across the diverse attack surface and prioritize them based on real-world attack paths. Following a successful proof-of-concept, XM Cyber was deployed enterprise-wide, immediately transforming the team’s focus. XM Cyber helped the team reduce the number of critical vulnerabilities requiring immediate action from thousands to just 10-15. “XM Cyber helped us focus on what really matters,” explains Ilaria. “With targeted fixes, we saw a reduction in our attack exposure from 98% to just 2%.” The solution was particularly impactful during mergers, allowing the team to assess cybersecurity risks before merging infrastructure and proactively addressing exposures.

By delivering clear, visual evidence of security improvements, XM Cyber also strengthened engagement with leadership, which helped secure funding for ongoing initiatives. The deployment process was smooth, with XM Cyber integrating seamlessly into the company’s existing security stack, and the collaboration between IT and security teams improved significantly as IT now understood the true impact of vulnerabilities and was more willing to apply targeted patches.

“XM Cyber helped us go from thousands of critical vulnerabilities to just a handful of key fixes, reducing our exposure from 98% to 2%. That’s a game-changer for us.”

Benefits and Outcomes: Focused Remediation and Stronger Collaboration

The retailer achieved tangible, measurable results and significantly improved internal collaboration after deploying XM Cyber. One of the clearest examples of XM Cyber’s value came following a security incident in a specific country. Post-incident analysis revealed thousands of vulnerabilities, yet using XM Cyber, Ilaria’s team identified just two critical fixes that reduced the number of exploitable machines to less than 1%. “That was a turning point,” Ilaria shares. “The local IT team saw the results and immediately requested to keep using XM Cyber.”

The company now leverages XM Cyber across its operations to maintain a low-risk environment, making security efforts more efficient, strengthening leadership support, and minimizing acquisition risks. “We’ve never had this level of visibility,” says Ilaria. “With XM Cyber, we can act quickly, remediate effectively, and make smarter decisions about our security posture.”

“Explaining the impact of our security measures to leadership has become much simpler with XM Cyber. When you only need to apply two patches instead of thousands, it’s much easier to demonstrate the value of those actions.”

Recommendation and Future Expectations

 

The security team highly recommends XM Cyber for its ability to reduce exposures, improve efficiency, and align security with business goals. The platform has proven highly effective at bridging the gap between IT and information security teams, fostering a collaborative environment that streamlines the implementation of complex security initiatives. Critically, XM Cyber revolutionizes vulnerability management by shifting focus from overwhelming volumes to a precise, risk-based approach. This enables the team to reduce their security exposure drastically and move from thousands of vulnerabilities to just a handful of essential fixes, which resulted in a monumental exposure reduction (e.g., from 98% to 2%). This newfound clarity and prioritization also simplify the process of communicating security value to executive leadership, allowing teams to confidently demonstrate the high-impact results of their targeted security actions.

According to Ilaria, “With XM Cyber, we’re not just patching for the sake of patching. We’re addressing the vulnerabilities that matter and proving our value to the business.” As the company continues to grow, XM Cyber remains a key partner in securing new environments, reducing risk, and supporting the security team’s mission to protect the organization while enabling innovation.

“Explaining the impact of our security measures to leadership has become much simpler with XM Cyber. When you only need to apply two patches instead of thousands, it’s much easier to demonstrate the value of those actions.”