Cyber Risks
Cyber risks refer to the potential threats and vulnerabilities that can compromise the confidentiality, integrity, and availability of information systems, devices, networks, and data. These risks can arise from various sources, including cyber-attacks, data breaches, phishing, malware, ransomware, and other forms of cybercrime.
The scope of cyber risks encompasses all digital assets, including hardware, software, data, and the human elements that interact with these systems. The impact of cyber risks can be immediate and severe, affecting not only financial performance but also operational business continuity and the trust of key stakeholders, e.g. customers or business partners.
Cyber Risk Management at Orion
Orion's approach to managing cyber risks involves a comprehensive Information Security Management System (ISMS) that aligns with industry standards and compliance requirements like the NIS2 directive. The ISMS framework includes policies, processes, and controls designed to protect Orion's information systems, devices, networks and data from cyber threats.
Effective management of cyber risks is crucial for maintaining the security and integrity of Orion's information systems and data. By implementing a robust ISMS, conducting regular training and awareness programs, and continuously monitoring and reporting on cyber risks, Orion can mitigate potential threats and ensure business continuity. The proactive approach to cyber risk management complements the broader compliance risk management framework, ensuring that Orion meets its regulatory obligations while protecting its digital assets from evolving cyber threats.
Orion employs a range of measures and controls to mitigate cyber risks, including technical controls, administrative controls and physical controls to address the ever-evolving landscape of cyber threats.
Key performance indicators (KPIs) and metrics are used to assess the effectiveness of security controls. Quarterly reports are generated for the Executive Team Management and the Board of Directors, highlighting the current cyber risk posture and any areas requiring attention.
Training and Awareness
Cybersecurity awareness is a crucial activity for mitigating cyber risks. It involves educating employees and partners about potential cyber threats and best practices to prevent them. By fostering a culture of vigilance, users can recognize and respond to phishing attempts, malware, and other cyber-attacks. This proactive approach helps reduce vulnerabilities and enhances the overall security posture.
Orion places a strong emphasis on training and awareness to manage cyber risks effectively. A mandatory training program, continuous phishing simulation, microlearning material, incident rehearsals and specific targeted training sessions are in place and organized for our employees.