Cybersecurity

Policies and commitments

Metlen has developed and is committed to the implementation of a holistic Information Security Management System, which consists of policies, procedures, and guidelines, through which the effective and efficient protection of the Company's information systems and data is achieved. The Information Security Management System is designed to support Metlen’ business objectives, to reduce the risk of breach of confidentiality, integrity and availability of corporate information and information systems, and to instill the Company's strategy and ethical values, as well as the principles of information security, in the Company's personnel.

In addition, Metlen, being fully aware of the significance of the cybersecurity threats it faces and the related potential consequences, has decided to be more vigilant against information security risks, which is achieved through the existing Information Security Management System. Metlen' objectives, responsibilities, accountabilities, and commitments are communicated through the Information Security Management System to all employees, partners and third parties involved.

Impacts and major risks

Impacts

Ensuring smooth business operations, protection of corporate and personal data and a high level of compliance with effective regulatory requirements.

Major risks

A decisive factor for the effective maintenance of an adequate level of cybersecurity is the successful identification of the most critical information security risks that are directly related to the size of Metlen, the nature and scope of its business activities and services offered, as well as its active partnerships with third parties. Metlen identifies as most significant the risks that arise from targeted cyber-attacks, which aim to disrupt the Company's proper operation. Indicative examples of such attacks include Distributed Denial of Service attacks, as well as attacks with malicious encryption software or ransomware. At the same time, in the context of safeguarding human rights, Metlen recognizes the risk of data leakage to unauthorized entities as equally important, which may occur intentionally or unintentionally, due to human error.

Management/Control practices

  • Metlen has implemented a holistic Information Security Program, which consists of appropriate organizational and technical security safeguards, in order to address the identified risks in a timely, effective, and efficient manner and to prevent or mitigate any potential impact.
  • Through its cooperation with independent organizations and consultants, Metlen periodically reviews the adequacy and effectiveness of its information and IT security policies, procedures and guidelines and makes any necessary updates to the Information Security Management System, according to the Company's needs.
  • Identification, assessment, and prioritization of information security risks, specifying the associated information resources, their exposure to cybersecurity threats, the potential impact on the Company, as well as the existing security safeguards.
  • Parallel actions that are implemented and contribute to the continuous identification of risks are the vulnerability assessments of information systems.
  • Metlen has developed a regular and structured awareness and training program on information and IT security issues, which is implemented on a continuous basis.
  • Metlen has designed and implemented a business continuity and disaster recovery plan.

Effectiveness of the actions

  • 100% of the users of the Company’s information systems, i.e. 3,029 users, participated in the training activities that were conducted, which focused on 10 different security issues.
  • 62% of employees completed these trainings, while 38% are in the process of completion.
  • 90% of employees successfully completed the corresponding information security assessments.