Sustainability Report 2021 03.2 Cybersecurity 01 Introduction Engaging and training employees monitored by a dedicated Chief Information Security Specific measures to improve security controls Developing new insurance In 2021, we provided refresher data privacy Officer (CISO) function and the Allianz Group are continuously evaluated and developed with solutions to manage cyber risks 02 Measuring and training for all employees involved in processing Board of Management. An executive accountability priorities assigned on a global, risk-based view. Allianz Global Corporate & Specialty (AGCS) managing sustainability personal data, where legally required. New regime supports the enforcement of the governance Measures focus on five key risk areas: reducing protects organizations around the world against employees continue to be onboarded with the framework for all entities. the likelihood of incidents; increasing detection cybercrime and digital threats. The types of 03 Strengthening global data privacy training, launched in 2018. The Allianz Information Security governance likelihood; reducing damage from incidents; risks it covers include first-party losses (e.g. our foundation Together, these trainings ensure employees framework comprises multiple layers of corporate streamlining compliance; and training/educating the business interruption, restoration and crisis 03.1 Corporate citizenship across the organization have a suitable level rules and processes. An overall policy establishes organization to further improve security awareness. communications) and third-party losses (e.g. 03.2 Cybersecurity of knowledge concerning the principles of core principles, roles and responsibilities as well All employees are required to participate in data breaches, network interruption and 03.3 Regulatory and public affairs confidentiality and data privacy. as the organizational framework for Information at least quarterly cyber-awareness training. notification expenses). 03.4 Compliance In 2021, we hosted our sixth Allianz Privacy Technology and Information Security within These include activities like simulated phishing We are constantly evolving our solutions to enable 03.5 Tax transparency Summit to discuss supplier management best Allianz Group. e-mails, awareness campaigns or regularly more customers to manage the risks. Over the 03.6 Sustainable procurement practices, anonymization of personal data, Associated functional rules provide further offered dedicated Information Security trainings. past three years, we have reviewed and changed privacy governance monitoring and the impact details and specific implementation guidelines We also participate in industry and global/ where applicable cyber risk exposure coverage 04 Climate-related of new data privacy laws. for operating entities. The functional rules are regional initiatives to support the security of the across P&C policies spanning commercial, financial disclosure complemented by detailed descriptions of overall internet ecosystem. best practices to be followed across 14 defined corporate and specialty insurance segments. 05 Our universal principles 03.2.3 Information security topics to ensure the ‘security by design’ principle. Managing cyber risk for our customers This is never a ‘set and forget’ process and we 1 Ransomware has become an increasing risk for are always looking to improve on the situation. The Allianz Risk Barometer 2021 Information Security is regularly audited, The cyber underwriting strategy, which has ranks cyber risk as the top three risk both internally and externally, and is trained businesses across all sectors. With no easy remedy been implemented to address cyber exposures, of doing business globally with more regularly in dedicated exercises across all layers in sight, the onus is on individual companies to is reviewed regularly and we are continuing the respondents highlighting it as a top risk of the organization. invest in cyber security to make life harder for journey of ensuring relevant policies are updated gangs to launch ransomware attacks. The number and clarified in regard to cyber risks. than in 2020. We continuously adapt our 03.2.4 Cyber risk of ransomware attacks may continue to increase 2 Cyber insurance offers much more than just approach with a key focus on managing before the situation gets better. Those companies cyber risk for our own company and Managing cyber risk in our business that take steps now to prevent attacks and mitigate compensation for potential financial losses. the impact will be far less likely to fall victim It also includes valuable prevention and incident for our customers through targeted Cyber risk is assessed and tracked as one of the to ransomware and will find it easier to secure response services that enable companies to insurance solutions. top risks faced by Allianz and is closely managed required levels of cyber insurance. As insurers, improve their cyber resilience and mitigate along eight key risk indicators across the Allianz we must continue to work with our clients using negative impacts after an incident. AGCS’s expert Information Security is the application of technologies, Group. Performance against these indicators is a combination of policy, pricing and service consultants also support customers to recover processes and controls to protect systems, networks, reported quarterly to the Board of Management improvements to help businesses understand the from an incident and to ensure proper disclosure programs, devices and data from cyber-attacks. and Supervisory Board. Monitoring for cyber need to strengthen their controls. of a privacy incident to regulatory bodies As a core business discipline, information security incidents and measures to prevent them are and customers. is managed globally through a robust and mature implemented at a global level and supplemented governance framework aligned with international locally where required, together with the local Read more about our new approach to standard ISO 27001. Our approach is closely Information Security Officers (ISOs) that exist in insurance cyber risks on our website. all Allianz operating entities. 1 https://www.agcs.allianz.com/news-and-insights/reports/allianz-risk-barometer.html 2 https://www.agcs.allianz.com/news-and-insights/reports/cyber-risk-trends-2021.html 60