Digitalization & cyber security

Material topic: Digitalization & cyber security

Importance for Lenzing

• More and increasingly sophisticated external attacks, much greater complexity of networked ecosystems and rising regulatory demands are calling for utmost care in cyber security
• Information security and data protection are imperative to protect business, customer, partner and employee data as well as intellectual property (know-how)
• Harvesting the benefits of digital technologies to maintain Lenzing’s technological advantage

Opportunities

• Increased trust of employees, customers and partners through responsible data handling
• Optimization of business processes, saving time, energy and reducing raw material usage
• Digitalization helps to anticipate the needs of customers and improves the customer experience
• Increased transparency and traceability of supply chains and thus supply chain security
• More flexible digital working environments to retain talent, attract future talent and allow for a new way of working

Risks

• Successful cyber-attacks could stall business processes or even impact operation
• Potential disclosure of information could incur high regulatory penalties or claims
• Potential compliance issues could reduce Lenzing’s credibility in the values it champions

Guiding principles

• Data Protection & Information Security by design & default
• Protective measures appropriate to the related risks
• Applicable legal regulations and a set of internal policies/directives/guidelines

Due diligence processes and (ongoing) measures

• Continuous improvement of Lenzing’s security measures
• Alignment of cyber security measures to business needs
• Maintaining appropriate technical and organizational measures
• Further development and management of the information security & data protection management system
• Regular information security assessments, audits and trainings
• Regular internal/external penetration testing
• Regular risk assessments with enterprise risk management and cyber insurances
• Running information security due diligence programs on third parties
• Notification mailbox to report anything suspicious, such as fraudulent emails
• Continuously monitor applicability of the technical organizational measures (TOMs)

Objectives

• Ensure appropriate level of protection for the Lenzing Group and its connected partners
• Manage information security and data protection risks
• Build and maintain a security-conscious culture
• Value-adding use of data, digital technologies and IT infrastructure
• Generate competitive advantages via the use of digital technologies

Achievements/activities in the reporting year

• Cyber-attacks have been averted successfully, e.g. via the rapid mitigation of several zero-day incidents
• Continuous improvement – existing safety measures were challenged with involvement of the public NIST Cyber Security Framework
• Launch of “Next Generation Level of Protection” program
• Completion of several penetration tests including corrections via Service Improvement Plans (SIP)
• Further digitalization with company seals used for E-Branding Service, invoice signing and approval workflows
• All board members & directors worldwide (90+) were provided with qualified electronic signatures for eSign-off
• Launch of a Digital Innovation Function to capitalize on digital technologies
• Extension of fiber identification technology to TENCEL™ branded lyocell and modal fibers
• Launch of fiber identification system for VEOCEL™ Lyocell fibers

Responsible

• VP Global IT
• Chief Information Security Officer
• Senior Director Digital Innovation

Supporting

• Security Operators within IT
• Local coordinators