Data security and cyber risk

Our approach

Digitalisation of processes and activities can have numerous advantages and makes work easier. However, increased digitalisation also increases the risk of cyberattacks. This means that protecting digital systems and infrastructure is crucial for companies. In addition, data, including customer data, also need to be secured.

Cyberattacks can have a profound impact on a company and its businesses, what can result in production shutdowns, supply disruption, and breaches or loss of personal data. Naturally, this also risks a loss of reputation.

Our employees and all business partners, including our customers, rely on the measures and prerequisite programmes implemented throughout the Jungbunzlauer Group to safeguard systems and data and minimise the risk of data breaches and cyberattacks.

Compliance with applicable data protection laws is key to building on Jungbunzlauer’s success and increasing the confidence of our customers in the quality of our services. It is also crucial for increasing our employees’ and contractors’ trust in us as an attractive employer.

We implement robust measures in order to ensure a high level of data protection. Human behaviour plays one of the most important roles in cyber risk manage-ment and data security. This is why we focus on training our employees. We want to  achieve an open culture. We talk about cybersecurity and we act attentively and responsibly.

Our high safety standards for our Information Technology (IT) systems safeguard our digital infrastructure and reduce the risk of cyberattacks. Operational excellence is ensured by our Operational Technology (OT) systems.

Our ambition

Confidentiality, availability and integrity of data should be maintained within the whole Jungbunzlauer Group to guarantee regulatory compliance, as well as compliance with internal guidelines. These are also vital for safeguarding the reputation of our company.

Our focus areas based on the NIST cybersecurity domains

Identify focus areas

  • Inventory of all hardware assets
  • Inventory of all software assets

Protect focus areas

  • 100% coverage of malware and threat hunting technology
  • Strict network segmentation and traffic control

 

Detect focus areas

  • 24/7 secure operations centre
  • State-of-the-art use cases to identify breaches

Respond to focus areas

  • CSIRT organisation
  • Contracted partners

 

Recover focus areas

  • Backup and connections
  • Table-top exercises

Key measures and evaluation

Internal audits

Targets for 2023

Implementation of an audit process

Progress and achievements in 2023

All security and cyber services were included in a regular audit process

Employee trainings

Targets for 2023

Initiate new training sessions for employees 

Conduct phishing campaigns via email

Progress and achievements in 2023

Different trainings were made available, e.g. Clean Desk Policy training and Social Media Phishing campaigns were performed

Substantiated complaints

concerning breaches of customer privacy and losses of customer data

Targets for 2023

Zero complaints concerning breaches of customer privacy and losses of customer data

Progress and achievements in 2023

Zero confirmed complaints concerning breaches of customer privacy received, and zero leaks, thefts or losses of customer data identified in 2023

Outlook

Our goal is to continuously improve the security of our processes and systems in order to reduce the threat posed by cyber risks. Our cybersecurity programme will be further expanded in the future. Various projects and measures are set to be implemented over the coming years.
We constantly monitor current and potential future challenges in order to adapt to changing circumstances.