Internet Explorer is not supported on this site. For an optimal experience, please use a modern browser, such as Chrome, Edge, Firefox, or Safari.
Cybersecurity and data privacy

The growing intersection of supply chains, connectivity and access to data is increasing the potential for cyber-attacks.

We are committed to maintaining a best-in-class information security program that addresses cybersecurity and data privacy, including for our customers’ data. We continuously work to enhance our policies, processes and technology to strengthen our cyber resilience and protect the data and security of our stakeholders.

BitSight Security Ratings measure an organization’s cybersecurity risk and security management effectiveness. The rating is calculated by BitSight using their proprietary algorithm based on externally observable data.

Cybersecurity monitoring and assessments1
Our cybersecurity program undergoes internal and external reviews. In addition to the annual assessment of the program and its components, robust vulnerability assessment processes are in place, as well as penetration testing, red teaming, tabletop exercises and phishing drills conducted by internal and external teams. Results are continuously measured and assessed for possible improvements.

We contract reputable third parties to conduct annual external assessments of the cybersecurity program and its components. In 2022, these independent assessments included those by Alvarez & Marsal and BitSight2. Similarly, governmental agencies and their contracted agents conduct regular reviews in jurisdictions where we operate. Furthermore, insurance agents, clients and other market participants continually assess our security posture for their own needs. There were no material3 incidents related to data and cybersecurity breaches across our global operations in 2022.
Employee training and awareness1
Our employees are required to complete annual cybersecurity training, and compliance is monitored. We use general and targeted phishing simulations to help our employees better recognize and respond to potential threats.

The training program is further enhanced by inviting cybersecurity experts to scheduled educational events. We also offer specialized training modules on emerging cyber threats for our software development teams.
Data privacy and protection1
We continuously review and enhance our Privacy Program to safeguard privacy protections for our employees, customers, suppliers and all other stakeholders.
How we meet our data governance obligations