Data security and cyber risk
Our approach
Digitisation of processes and activities can have numerous advantages and makes work easier. However, increased digitisation also increases the risk of cyberattacks. This means that protecting digital systems and infrastructure is crucial for com- panies. In addition, data, including customer data, also need to be secured.
Cyberattacks can have a profound impact on a company and its businesses, which can result in production shutdowns, supply disruption, and breaches or loss of personal data. Naturally, this also risks a loss of reputation.
Our employees and all business partners, including our customers, rely on the measures and prerequisite programmes implemented throughout the Jungbunzlauer Group to safeguard systems and data and minimise the risk of data breaches and cyberattacks.
Compliance with applicable data protection laws is key to building on Jungbunzlauer’s success and increasing the confidence of our customers in the quality of our products. It is also crucial for increasing our employees’ trust in us as an attractive employer.
Our ambition
Our goal is to continuously improve the security of our processes and systems in order to reduce the threat posed by cyber risks.
Confidentiality, availability and integrity of data should be maintained within the whole Jungbunzlauer Group to guarantee regulatory compliance, as well as compliance with internal guidelines. These are also vital for safeguarding the reputation of our company. We implement robust measures in order to ensure a high level of data protection. Human behaviour plays one of the most important roles in cyber risk management and data security. This is why we focus on training our employees. We want to achieve an open culture. We talk about cybersecurity and we act attentively and responsibly.
Our high safety standards for our IT systems safeguard our digital infrastructure and reduce the risk of cyberattacks. Operational excellence is ensured by our OT systems.
Our focus areas based on the NIST cybersecurity domains
Key measures and evaluation
Every employee undergoes training sessions on cybersecurity.
These may be direct training sessions, or sessions initiated through test phishing campaigns.
The phishing campaigns are used to test our employees and to track the effectiveness of our training. Such campaigns are conducted every quarter and are supervised by the relevant Board members. During compliance training, employees must also take part in data security training. For more information, see chapter 3.1.
Jungbunzlauer audits all relevant aspects of cybersecurity yearly based on focus areas.
The results are shared with all global and local management organisations and,
where clear recommendations are made in the audits, we take relevant measures.
This is done for IT and OT environments separately.
The Jungbunzlauer Cyber Security Board reports monthly to all relevant internal stakeholders
with a dashboard of KPIs covering various aspects of cybersecurity.
Detailed KPIs are not disclosed through this report in order to prevent focused cyberattacks.
Outlook
Our cybersecurity programme will be further expanded in the future. Various projects and measures are set to be implemented over the coming years. We constantly monitor current and future challenges in order to adapt to changing circumstances.
