IE 22.1. Cybersecurity risk mitigation program

  • Radia Guira

In an increasingly digitized world, cybersecurity has become a paramount concern for companies of all sizes. The ESG framework of France Invest recognizes this importance by requiring companies to implement programs to combat cybersecurity risks. This article explains how to identify these programs and how to report them.

1. How to answer this question?

To provide an adequate response, companies must:

1. Identify program elements: Search for and identify the policies, insurance cover, continuity plans, and security testing practices in place to protect against cyber risks.

2. Assess implementation: Determine whether your program is fully operational, still in development, or has not been implemented.

3. Choose the appropriate response: Select ‘Yes’ if a program is in place, ‘No, in development’ if the program is still being built, ‘No, not implemented’ if no program exists, or ‘No, not applicable/material’ if the question does not apply to your company.

2. Why is it important?

A robust cybersecurity program is essential to protect sensitive information and maintain the trust of customers and partners. It also demonstrates the company’s diligence in managing emerging risks.

3. Examples:

– Example A: A bank has implemented an advanced security program with quarterly penetration tests and cyber-attack insurance. It would answer ‘Yes.’

– Example B: A small online bookstore is developing its first IT security program, including a cybersecurity policy and regular testing. The response would be ‘No, in development.’

Recognizing the existence and progress of a cybersecurity program is a step towards transparency and adapting to modern data security standards. It’s a commitment to protecting not only the company but also its customers against cyber risks.