Cyber security

The CEO and CFO of the Group are regularly informed by the Head of Group IT on cyber security topics (CFO every four months; CEO at least once a year). In addition, the Group’s Head of Global Operations is informed on cyber security topics specifically related to the operational area at the monthly Group IT meeting, as required. The Audit Committee is also informed at least once a year about progress and developments in the area of cyber security. In urgent cases, the required Group level is informed without delay.

The Audit Committee also evaluates the future approach and the need to adapt processes within the Group regarding reporting in the area of cyber security.

The Group has established a Security Operation Center to monitor potential threats to the Group’s digital presence and procedures have been implemented to respond to cyber security incidents within the Group. Cyber security is part of the existing risk management process within the Group and is continuously further developed. Cyber risks are analyzed on an ongoing basis and measures are assessed and taken as deemed appropriate. This includes taking defensive measures against cyber threats, detecting and dealing with any cyber attacks, and insurance coverage. Furthermore, cyber security awareness trainings have been rolled-out Group-wide in 2023 in order to further raise awareness of cyber security issues within the Group. In 2023, the Board of Directors approved a new AI policy.

There were no significant cyber security incidents within the Group in the reporting year.