Protecting data and safeguarding confidential information of all our stakeholders is a priority for Zurich. We take appropriate measures against the unauthorized or unlawful processing of data that Zurich maintains and against its accidental loss, access, destruction or damage. We address the increased regulatory requirements and the rapid change of the global cyber threat landscape through a variety of programs and initiatives governed by a global function with regional and local presence. This allows us to proactively address the fast-changing nature of cyber and information security risk.
Our approach to information security is based on three key focus areas:
Embed multi-layered security taking into account people, process, technology and data
Apply a risk-based approach covering risks both from the inside and the outside, looking at past, present and future threats
Address the human element of information and cyber security with specific awareness and education activities with customers, employees and business partners
We continuously review our approach and action plans, adjusting when the threat landscape changes. Regular updates are provided to senior leaders and the Board of Directors.
Information and cyber security risk is embedded across the organization as shown here in the accompanying infographic.
The Chief Information Security Officer sets the overall strategy and security roadmap for the Group. He ensures that employees have the required security skills and knowledge. Regular forums track progress and ensure alignment is in place across the organization.
Group Risk Management provides independent challenge on risk matters and the overall strengthening of a risk-aware culture on information security and cyber risk issues, while Group Compliance provides analysis, advice and monitoring of processes and controls.
Zurich’s Group internal audit function regularly performs audits and assists the Board in exercising its controlling and supervisory duties. External audits and targeted deep dives are part of the overall assurance framework and strategy.
Zurich applies multiple layers of protection to secure information assets.