For Smit, the partnership provides reassurance. “I know the program is ongoing, that the right training is in place and that both leadership and store teams are involved,” he explains. “We are building a culture where security awareness is part of how we work, not an afterthought.”
By combining technology, clear policies and a strong focus on behavior, Hunkemöller continues to strengthen its resilience, keeping cybersecurity firmly on the daily agenda.
Blog
'Cybersecurity is what keeps me awake at night'
Hunkemöller is an international lingerie brand with more than 750 stores and 19 online shops across 12 European countries. With a history spanning over 140 years, the company is firmly in the midst of a digital transformation. Leading that transformation is Chief Technology Officer Gordon Smit, who oversees the entire IT landscape, from hardware and point-of-sale systems to backend infrastructure, payment platforms and, of course, cybersecurity.
You can enable English subtitles via the settings in the YouTube player.
“With over 6,500 employees working in stores, at headquarters and in our distribution center, people play a crucial role in our security posture,” Smit explains. Store teams are focused on serving customers and driving sales. Cybersecurity is not always their primary concern. “That is why awareness is absolutely critical.”
Awareness as biggest challenge
“When employees understand the risks, pause before clicking links, verify senders and handle data responsibly, we have already reduced a huge part of our exposure,” says Smit. To achieve this, Hunkemöller invests heavily in awareness initiatives, ranging from phishing simulations and e-learning modules to crisis response exercises.
“There is one scenario I truly worry about,” he adds. “Getting a call from our security officer telling me we have been breached.”
Together with Behaav, Hunkemöller designed a structured security awareness program. It started with a baseline assessment, including surveys and interviews with departments exposed to higher security risks. Based on these insights, tailored training sessions and simulations were implemented. Behaav also conducted in-depth interviews with key teams such as finance and administration to gain a deeper understanding of specific vulnerabilities.
From boardroom to shop floor
Behaav supports Hunkemöller with a comprehensive security awareness program that reaches every level of the organization, starting at the top. One of the key initiatives was a tabletop exercise with the board, simulating a ransomware attack. The executive team was brought together without prior notice and had to respond to unfolding scenarios under time pressure.
“It was incredibly valuable to see how leaders react when faced with a realistic crisis,” says Smit. “It forced us to think clearly, define responsibilities and make decisions under stress.” The exercise provided practical insights into what needs to happen when an incident occurs.
According to Inge Ammerlaan, Security Awareness Program Manager at Behaav, engagement at every level is essential. “When people experience realistic scenarios, they immediately understand why vigilance and collaboration matter. That is how you build a strong and resilient security culture.”
Inge Ammerlaan in conversation with Gordon Smit of Hunkemöller.
Security awareness continuously top of mind
Behaav and Hunkemöller run recurring phishing simulations and training programs across the organization. A dedicated program manager from Behaav monitors progress, reviews results and adapts the approach to different departments where needed. “It requires very little effort from our side,” Smit says. “The program runs continuously, and it ensures security remains a priority.”
Combination of technology and behavioral change
Contact
Looking to strengthen your training program?
