Segurança da Informação
Cyber Security
KODS 2030
100% of direct and indirect employees included in the digital language necessary to support the cybersecurity culture, ensuring the protection of personal and company data
Percentage of direct and indirect employees included in the digital language
| Category | 2020 | 2021 | 2022 | 2023 | 2030 Goal |
|---|---|---|---|---|---|
| Total number of direct employees | 15,037 | 17,436 | 18,394 | 17,739 | |
| Total number of indirect employees | 2,304 | 2,723 | 2,200 | 2,400 | |
| Trained direct employees | 8,340 | 8,659 | 10,739 | 15,864 | |
| Trained indirect employees | 120 | 962 | 726 | 960 | |
| % of trained direct employees | 55% | 50% | 58% | 89% | 100% |
| % of trained indirect employees | 5% | 35% | 33% | 40% | 100% |
An awareness plan on cybersecurity was developed with the support of Internal Communication, Klabin Business School, Legal, and Automation Technology. This challenge enabled the creation of a cyclical and ongoing process of awareness that is up-to-date and flexible.
Below are the numbers of participants and viewers of the content created and developed on cybersecurity.
- 740 lectures and workshops;
- 3,727 training sessions conducted on the Klabin Business School (ENK) platform;
- 26,579 phishing email simulators sent;
- More than 5,000 views of security videos and internal podcasts on the topic.
In 2023, we increased the number of phishing simulation campaigns and, with the support of the Corporate Communication department, we sent out Cybersecurity articles to all users fortnightly, as well as conducted workshops related to the subject.
| Category | 2023 | 2022 | 2021 | 2020 |
|---|---|---|---|---|
| Number of complaints received from external parties and proven by the organization | 0 | 0 | 0 | 0 |
| Number of complaints from regulatory agencies | 0 | 0 | 0 | 0 |
| Total number of identified leaks, thefts, or losses of customer data | 0 | 0 | 0 | 0 |
Klabin has an incident management process that addresses privacy issues, as well as a platform called Privacy Manager, which manages LGPD processes. The Company also has a complaints channel, confidential and mediated by a third party. The channel did not register complaints related to breaches of privacy and/or loss of customer data in 2023.
The Cybersecurity Policy and Primer are Klabin’s official documents that guide employees on the posture, good practices, and duties required to maintain an environment with a reduced risk against cyber attacks. All the content was developed based on the framework of the ISO27001 and IEC62443 standards, focusing on the following main topics:
1 – Information classification;
2 – Confidentiality and privacy;
3 – Work environment;
4 – Internet access;
5 – Social media;
6 – Email and communication apps;
7 – Intellectual property;
8 – Access;
9 – Backup;
10 – Incident.
Cybersecurity Management is headed by a Chief Information Security Officer (CISO), who is accountable to the Information Technology Board, which in turn is accountable to the Executive Board and the Board of Directors. The topic is included in the Company's risk assessment and all initiatives are guided by standards, frameworks, and legislation applicable to the segment, such as: IEC:62446, ISO27001, NIST, CIS, LGPD, Brazilian Civil Rights Framework for the Internet. All this governance was designed to support control initiatives in the quest to reduce cybersecurity risks and ensure the confidentiality, integrity, availability, and authenticity of information with an integrated vision of the administrative and industrial environment.
Cybersecurity is responsible for identifying, assessing and reporting legal and regulatory, IT and cybersecurity risks, while supporting and promoting business objectives. During the process of creating the cybersecurity journey, aligned with Klabin's strategic drivers and market references on security, an internal framework was developed that objectively addresses these challenges and supports the digital transformation.
Mission: to ensure the confidentiality, availability and integrity of Klabin's information through innovative processes and solutions that provide real results for the business and allow for the trust of customers, employees, society, and shareholders to be maintained.
Vision: to add value to the organization's image by increasing cybersecurity through efficient risk management with a focus on confidentiality, availability, and integrity of the information in the administrative and manufacturing environment.
The year 2023 confirmed the expectations of the escalation of attacks that affected various segments of society. In a volatile economic and political scenario, where practically everything, from banking transactions to factory monitoring, has become digital, companies seeking strategic advantages have come to rely on technologies such as artificial intelligence, cloud, telecommunications, and machine learning. In its process, Klabin establishes priorities based on risks and reinforces response strategies, cyber resilience, and unification of control technologies.
Updated and verified on: 07/04/2024