Management approach
Material topic: Digitalization & cyber security
[GRI 3-3]
As new digital technologies dramatically reshape industries, Lenzing pursues efforts to leverage the benefits of these technologies to optimize its operation and to enable transparency and traceability along the value chain. Lenzing promotes a risk-based approach to achieve global compliance with information security and data protection. Lenzing does this while balancing the rights and needs of the company, society and individuals. In response to risks from cybercrime, Lenzing performs periodical penetration tests to assess security measures. Regular background checks are performed to search for potential threats, disclosures in the dark web or hacked accounts. All findings revealed by such assessments, tests and by reported incidents result in a security review, risk assessment and subsequent corrective action.
Actual and potential negative and positive impacts, risks and opportunities
Positive
- Increased transparency and traceability of supply chains and therefore supply chain security
- Protection of Lenzing’s business processes and data
- Increased trust of employees, customers and partners through responsible data handling
- Optimization towards “lean” and digitally supported business processes, saving time, energy and reducing raw material usage
- More flexible digital working environments to retain talent, attract future talent and allow for a new way of working
- Digitalization helps to anticipate the needs of customers and improves the customer experience
Negative
Own activities:
- Successful cyber-attacks could stall business processes or even impact operations
- Potential disclosure of information could incur high regulatory penalties or claims
- Potential compliance issues could reduce Lenzing’s credibility in the values it champions
Business relationships:
- Successful cyber-attacks could stall business processes or even impact the operations of business partners
Policies and commitments
- Information Security Policy approved by the Board of Management
- Data protection & information security by design & default
- Protective measures appropriate to the related risks
- Applicable legal regulations and a set of internal policies, directives and guidelines
Actions taken
- Cyber-attacks have been averted successfully by technical means (e.g. via the rapid mitigation of several zero-day incidents and regular vulnerability management), but also because of aware and empowered employees
- Cybersecurity measures aligned to business needs
- Continuous improvement of Lenzing’s cybersecurity measures
- Continuing the Lenzing Security Program, which was derived from the Cyber Security Framework Gap Analysis
- Maintaining appropriate technical and organizational measures for the processing of personal data
- Further development and management of the information security & data protection management system
- Regular information security assessments and audits by external and internal parties
- Regular internal/external penetration testing
- Regular risk assessments with enterprise risk management and cyber insurance companies
- Close identified gaps through immediate actions and by the creation and execution of appropriate Service Improvement Plans
- Running information security due diligence programs on third parties
- Notification mailbox to report any suspicious, probably fraudulent emails and personal feedback given to the sender(s)
- Digital Innovation function is responsible for capitalizing on new digital technologies
- Up-skilling of work-force guarantees enhanced and more efficient utilization of IT applications and facilitates digital transformation
- Further digitalization with company seals used for E-Branding Service, invoice signing and approval workflows
- In 2023, Lenzing expanded its portfolio of fibers with the fiber identification technology to the spun-dyed LENZING™ ECOVERO™ branded viscose in black color and to LENZING™ ECOVERO™ x REFIBRA™, a newly produced viscose fiber with recycled content.
- As part of the Operations Digital Innovation roadmap Lenzing focussed on four major digital initiatives in 2023: data-driven quality control, digital twin technologies, mobile maintenance and augmented reality for training.
Sustainability targets, measures and progress
All of Lenzing’s sustainability targets can be found in the “General information” chapter.
Stakeholders
- Customers
- Consumers
- Providers of digital solutions
- Employees
- Lenzing shareholders
- Competent authorities and auditors of various labels
- Cyber security experts
Responsible
- CFO
- VP Global IT/Digital Innovation
- Chief Information Security Officer
- Senior Director Digital Innovation
Supporting
- Business Process Organization
- Global IT/Digital Innovation, IT Backoffice Team, Business Process Leaders
- Department/team leaders, local coordinators
- Digital Product Owners
- Lenzing employees during their daily work