Cybersecurity

Policies and commitments

MYTILINEOS has developed and is committed to the implementation of a holistic Information Security Management System, which consists of policies, procedures, and guidelines, through which the effective and efficient protection of the Company's information systems and data is achieved. The Information Security Management System is designed to support MYTILINEOS’ business objectives, to reduce the risk of breach of confidentiality, integrity and availability of corporate information and information systems, and to instill the Company's strategy and ethical values, as well as the principles of information security, in the Company's personnel.

In addition, MYTILINEOS, being fully aware of the significance of the cybersecurity threats it faces and the related potential consequences, has decided to be more vigilant against information security risks, which is achieved through the existing Information Security Management System. MYTILINEOS' objectives, responsibilities, accountabilities, and commitments are communicated through the Information Security Management System to all employees, partners and third parties involved.

Impacts and major risks

Impacts

Ensuring smooth business operations, protection of corporate and personal data and a high level of compliance with effective regulatory requirements.

Major risks

A decisive factor for the effective maintenance of an adequate level of cybersecurity is the successful identification of the most critical information security risks that are directly related to the size of MYTILINEOS, the nature and scope of its business activities and services offered, as well as its active partnerships with third parties. MYTILINEOS identifies as most significant the risks that arise from targeted cyber-attacks, which aim to disrupt the Company's proper operation. Indicative examples of such attacks include Distributed Denial of Service attacks, as well as attacks with malicious encryption software or ransomware. At the same time, in the context of safeguarding human rights, MYTILINEOS recognizes the risk of data leakage to unauthorized entities as equally important, which may occur intentionally or unintentionally, due to human error.

Management/Control practices

  • MYTILINEOS has implemented a holistic Information Security Program, which consists of appropriate organizational and technical security safeguards, in order to address the identified risks in a timely, effective, and efficient manner and to prevent or mitigate any potential impact.
  • Through its cooperation with independent organizations and consultants, MYTILINEOS periodically reviews the adequacy and effectiveness of its information and IT security policies, procedures and guidelines and makes any necessary updates to the Information Security Management System, according to the Company's needs.
  • Identification, assessment, and prioritization of information security risks, specifying the associated information resources, their exposure to cybersecurity threats, the potential impact on the Company, as well as the existing security safeguards.
  • Parallel actions that are implemented and contribute to the continuous identification of risks are the vulnerability assessments of information systems.
  • MYTILINEOS has developed a regular and structured awareness and training program on information and IT security issues, which is implemented on a continuous basis.
  • MYTILINEOS has designed and implemented a business continuity and disaster recovery plan.

Effectiveness of the actions

  • 2,216 users of the Company's IT systems participated in the training activities that were conducted and focused on 8 different security topics.
  • 63% of workers completed these trainings.
  • 21% are in the process of completing such training.
  • 59% of employees successfully completed their respective information security assessments.
Change cookies consent Revoke cookies consent