Cyber security

Technological capabilities strengthened and able to protect individuals and institutions that interact with Klabin in the face of new ethical challenges arising from the advancement of technology.

KODS 2030

 

100% of direct and indirect employees included in the digital language necessary to support the cybersecurity culture, ensuring the protection of personal and company data

 

Percentage of direct and indirect employees included in the digital language

Category 2020 2021 2022 2023  2030 Goal
Total number of direct employees 15,037 17,436 18,394 17,739  
Total number of indirect employees 2,304 2,723 2,200 2,400  
Trained direct employees 8,340 8,659 10,739 15,864  
Trained indirect employees 120 962 726 960  
% of trained direct employees 55% 50% 58% 89% 100%
% of trained indirect employees 5% 35% 33% 40% 100%
 
 

A cybersecurity awareness plan was developed with the support of the Internal Communication, Legal and Automation Technology areas and by the Klabin Business School (ENK). This challenge enabled the creation of a cyclical and ongoing process of awareness, up-to-date and flexible. 

 Following are presented the numbers of participants and viewers of the material developed on the topic of cybersecurity.  

  • 740 lectures and workshops; 
  • 3,727 training sessions conducted on the Klabin Business School (ENK) platform; 
  • 26,579 phishing email simulators sent; 
  • more than 5,000 views of security videos and internal podcasts on the topic.

The phishing simulation campaigns were intensified in 2023, with information on cybersecurity being disseminated to all users every two weeks, supported by the Communications area, as well as workshops on the subject. 

Category 2023 2022 2021 2020
number of complaints received from external parties and proven by the organization 0 0 0 0
number of complaints from regulatory agencies 0 0 0 0
total number of identified leaks, thefts, or losses of customer data 0 0 0 0

Klabin has an incident management process that addresses privacy issues, as well as a platform called Privacy Manager, which manages LGPD processes. The Company also has a complaints channel, confidential and mediated by a third party. The channel did not register complaints related to breaches of privacy and/or loss of customer data in 2022.

The Cybersecurity Policy and primer are Klabin’s official documents that guide employees on the posture, good practices and duties required to maintain an environment with a reduced risk against cyberattacks. All the content was developed based on the framework of the ISO27001 and IEC62443 standards, focusing on the following main topics: 
1 – Classification of information; 
2 – Secrecy and privacy; 
3 – Workplace environment; 
4 – Internet access; 
5 – Social media; 
6 – Email and communication APP; 
7 – Intellectual property; 
8 – Access; 
9 – Backup; and 
10 – Incidents. 

Cybersecurity Management is headed by a Chief Information Security Officer (CISO), who is accountable to the Information Technology Board, which in turn is accountable to the Executive Board and the Board of Directors. The topic is included in the Company's risk assessment and all initiatives are guided by standards, frameworks and legislation applicable to the segment, such as: IEC:62446, ISO27001, NIST, CIS, LGPD, Brazilian Civil Rights Framework for the Internet. This governance was designed to support control initiatives in the quest to reduce cybersecurity risks to ensure the confidentiality, integrity, availability, and authenticity of information with an integrated vision of the administrative and industrial environment. 

Cybersecurity is responsible for identifying, assessing and reporting legal and regulatory, IT and cybersecurity risks, while supporting and promoting business objectives. During the process of creating the cybersecurity journey, aligned with strategic drivers and market references on security for Klabin, an internal framework was developed that objectively addresses these challenges and supports the digital transformation. 

Mission: to ensure the confidentiality, availability and integrity of Klabin's information through innovative processes and solutions that provide real results for the business and ensure that the trust of customers, employees, society, and shareholders is maintained. 

Vision: add value to the Company's image by increasing information security through efficient risk management with a focus on confidentiality, availability, and integrity of the information in the administrative and manufacturing environment. 

The year 2023 confirmed expectations of the escalation of attacks on various segments of society. In a volatile economic and political scenario, where practically everything from banking transactions to factory monitoring has gone digital, companies in search of strategic advantages have come to rely on technologies such as artificial intelligence, cloud, telecommunications and machine learning. In its process, Klabin sets priorities based on risks and reinforces response strategies, cyber resilience and the unification of control technologies. 

Updated and verified on: 06/25/2022

28/09/22