Integrated Annual Report 2025

Cyber and information security

Robust cyber and information security are fundamental to safeguarding data privacy, ensuring controlled access to IT systems and networks, and helping maintain the trust of our stakeholders.

We employ rigorous processes, advanced technologies, and strict data-handling practices to prevent system failures and major security incidents. Cyber and information security have been identified as material risks for the company and are reviewed annually by both the Audit & Risk Committee and the Board of Directors. To mitigate potential financial exposure, dsm-firmenich maintains cyber insurance coverage.

We recognize the importance of transparency regarding the impact of geopolitical and macroeconomic uncertainties on our business model, financial performance, and sustainability objectives. The global environment continues to evolve rapidly, shaped by factors such as ongoing armed conflicts, trade barriers, volatility in energy and commodity markets, supply chain disruptions, and the rising frequency and sophistication of cyber threats. We address these factors by integrating cybersecurity governance and risk management into our broader resilience framework. We apply a data-driven approach to risk management, continuously monitoring, measuring, and refining our risk exposure and corresponding cyber controls. This is supported by a robust governance structure based on a three-tiered defense model, which ensures clear accountability and enhances our ability to detect, prevent, and respond effectively to emerging threats.

Recognizing the growing influence of artificial intelligence in both operational processes and threat landscapes, we have strengthened our governance approach to address AI-driven risks. This includes proactive measures to mitigate adversarial attacks on machine learning models and the deployment of adaptive controls to safeguard against emerging, AI-enabled cyber threats. By integrating these considerations into our governance framework, we ensure resilience and accountability in an increasingly complex digital environment.

We remain on track to achieve NIS 2 Directive compliance, expected in the first half of 2026, while closely monitoring evolving national regulatory guidance and implementation timelines. Oversight of information security is maintained at the executive level through the Chief Information Security Officer (CISO), supported by continuous monitoring of information security incidents. All employees complete mandatory annual training on information security to foster awareness and strengthen the company’s overall resilience.

In 2025, the company experienced no major cyber incidents.
