Management Approach
Material topic: Digitalization & cyber security
[GRI 3-3]
As new digital technologies dramatically reshape industries, Lenzing pursues efforts to leverage the benefits of these technologies to optimize its operations, enable transparency and traceability along the value chain and provide additional value to its customers. The COVID-19 lockdowns have been a boost for digital solutions that safely supported internal collaborations and customer relationships when face-to-face meetings were not possible. The company promotes a risk-based approach to ensure global compliance with information security. To empower its people with the knowledge needed to mitigate the risk of cybercrime, Lenzing continued our ongoing initiatives to raise awareness, like eLearnings, face-to-face trainings and even phishing campaigns to test and train the internal community. To further propel the digital abilities of its teams, Lenzing launched the Lenzing Digital Academy. This starts to be an important basis for further digitalization initiatives, such as the digitalization and re-build of the business processes for the Enterprise Resource Planning System in a greenfield approach already started. 2022 was another year with still rising challenges in cybersecurity, which have been anticipated with the right steps to improve the cyber resilience in several dimensions. Lenzing is also extending its technical solutions to prevent fraud across the supply chain.
Actual and potential negative and positive impacts
Positive
- Increased transparency and traceability of supply chains and thus supply chain security
- Protection of our business processes and data
- Increased trust of employees, customers and partners through responsible data handling
- Optimization towards “lean” and digitally supported business processes, saving time, energy and reducing raw material usage
- More flexible digital working environments to retain talent, attract future talent and allow for a new way of working
- Digitalization helps to anticipate the needs of customers and improves the customer experience
Negative
Own activities:
- Successful cyber-attacks could stall business processes or even impact operation
- Potential disclosure of information could incur high regulatory penalties or claims
- Potential compliance issues could reduce Lenzing’s credibility in the values it champions
Business relationships:
- Successful cyber-attacks could stall business processes or even impact the operation of business partners
Policies and commitments
- Data Protection & Information Security Policy approved by the Board of Management
- Data Protection & Information Security by design & default
- Protective measures appropriate to the related risks
- Applicable legal regulations and a set of internal policies, directives and guidelines
Actions taken
- Cyber-attacks have been averted successfully by technical means (e.g. via the rapid mitigation of several zero-day incidents and regular vulnerability management), but also because of aware and empowered employees
- Alignment of cyber security measures to business needs
- Continuous improvement of Lenzing’s cyber security measures
- Continue the Lenzing Security Programme, which was derived from the Cyber Security Framework Gap Analysis
- Maintaining appropriate technical and organizational measures for the processing of personal data
- Further development and management of the information security & data protection management system
- Regular information security assessments and audits by external and internal parties
- Regular internal/external penetration testing
- Regular risk assessments with enterprise risk management and cyber insurance companies
- Close identified gaps through immediate actions and by the creation and execution of appropriate Service Improvement Plans
- Running information security due diligence programs on third parties
- Notification mailbox to report any suspicious, probably fraudulent emails and personal feedback given to the sender(s)
- Digital Innovation Function is responsible for capitalizing on new digital technologies
- Launch of fiber identification system for VEOCEL™ Lyocell fibers
- Up-skilling of work-force guarantees enhanced and more efficient utilization of IT applications and facilitates digital transformation
- Further digitalization with company seals used for E-Branding Service, invoice signing and approval workflows
Sustainability targets, measures and progress
For more information, please see the “Sustainability targets, measures and progress” chapter.
Stakeholder
- Customers
- Consumers
- Providers of digital solutions
- Employees
- Lenzing shareholders
- Competent authorities and auditors of various labels
For more information, please see the “Stakeholder engagement” chapter.
Responsible
- Member of the Managing Board (Finance)
- VP Global IT
- VP Fiber Commercial
- Chief Information Security Officer
- Senior Director Digital Innovation
Supporting
- Business Process Organization
- Global IT, IT Backoffice Team, Business Process Leaders
- Department/team leaders, local coordinators
- Digital Product Owners
- Lenzing employees during their daily work