Internet Explorer is not supported on this site. For an optimal experience, please use a modern browser, such as Chrome, Edge, Firefox, or Safari.
Cybersecurity and data privacy

The growing intersection of supply chains, connectivity and access to data is increasing the potential for cyber-attacks.

We are committed to developing and maintaining a best-in-class information security program that addresses cybersecurity and data privacy, including for our customers’ data. We continuously work to enhance our policies, processes and technology to strengthen our cyber resilience and protect the data and security of our stakeholders.

BitSight Security Ratings measure an organization’s cybersecurity risk and security management effectiveness. The rating is calculated by BitSight using their proprietary algorithm based on externally observable data.

Cybersecurity monitoring and assessments1
Our cybersecurity program undergoes internal and external reviews. In addition to the annual assessment of the program and its components, robust vulnerability assessment processes are in place, as well as penetration testing, red teaming, tabletop exercises and phishing drills conducted by internal and external teams. Results are continuously measured and assessed for possible improvements.

We contract reputable third parties to conduct annual external assessments of the cybersecurity program and its components. In 2021, these independent assessments included CoalFire and Trace3. Similarly, governmental agencies and their contracted agents conduct regular reviews in jurisdictions where we operate. Furthermore, insurance agents, clients and other market participants continually assess our security posture for their own needs. There were no material2 incidents related to data and cybersecurity breaches across our global operations in 2021.
Employee training and awareness1
Our employees are required to complete annual cybersecurity training, and compliance is monitored. We use general and targeted phishing simulations to help our employees better recognize and respond to potential threats.

The training program is further enhanced by inviting cybersecurity experts to scheduled educational events. We also offer specialized training modules on emerging cyber threats for our software development teams.
Data privacy and protection1
We updated our Privacy Policy to highlight existing protections. The policy explains how we collect personal information; how we use, disclose and protect such information; and the choices our customers have concerning use of such data.
how we meet our data governance obligations