3.4 Cybersecurity and data privacy 3.4 Cybersecurity and data privacy – Leading role in cybersecurity means that they can be more exposed to cyberthreats. – Global expertise and governance structures Regulatory- and customer-specific security requirements are increasing, and Siemens needs to address them. We believe that data protection is an integral part of respon- Siemens takes a holistic approach to addressing cybersecurity sible business conduct. Cybersecurity and data privacy are in the best interest of our customers. It is essential to the key success factors for Siemens, and for digitalization in comprehensive protection of both industry and society from general. While data privacy practices cover personal data internal and external cyberattacks. from a legal perspective, cybersecurity focuses on protecting products, solutions, and services, information technology Our cybersecurity governance and policies (IT), and operational technology (OT). Our primary objective The Cybersecurity Board (CSB), chaired by the Global Chief is to maintain strong data protection and a high level of Cybersecurity Officer, is responsible for the implementation cybersecurity for the company and all our stakeholders. and coordination of cybersecurity throughout Siemens. The member of the Siemens AG Managing Board responsible for cybersecurity is part of the CSB, as are the Chief Cybersecurity Cybersecurity Officers of each of Siemens’ businesses. Management approach Given the importance of cybersecurity for the senior man- agement, the Global Chief Cybersecurity Officer reports Cybersecurity is rapidly growing in importance directly to the responsible member of the Managing Board, Digital systems have become indispensable in many sectors quarterly to the entire Managing Board, and annually to the of the economy: for instance, in hospitals, factories, smart Supervisory Board. buildings, e-mobility, and connected mobility. Wherever sensitive data are stored, potential security threats are never The CSB provides a collaborative platform for advancing far away. As a result, cybersecurity is one of today’s most strategic initiatives that address security issues and establish relevant issues, not just for companies but for society as a cybersecurity requirements and recommendations through- whole. Its relevance is only expected to increase, with cyber- out Siemens and its affiliated companies. In addition, a security becoming crucial for helping businesses safeguard collaboration agreement enables the Chief Cybersecurity critical infrastructures, protect sensitive information, and Officer at Siemens Healthineers to participate in the CSB. ensure business continuity. Having recognized early on that cybersecurity is an integral As one of Siemens’ strategic goals, the digital transformation part of the digital revolution, Siemens built a cybersecurity will only succeed if Siemens can be certain that connected organization both at the corporate level and in the busi- systems and the data contained within them will remain nesses and countries. All information security rules and secure. That is why Siemens places the highest priority on regulations at Siemens are documented and detailed in the cybersecurity. Cybersecurity Policy Framework. The framework outlines the roles and responsibilities and the rules and practices that Siemens’ products, solutions, and services contain a signifi- offer a guide for how Siemens and its business units protect cant amount of software and IT-related components and are information and business processes. often used in the context of critical infrastructures – which SIEMENS SUSTAINABILITY REPORT 2023 49