Cyber attacks | The speed of technological developments that constantly generate new challenges, the ever increasing frequency and intensity of cyber attacks and the attraction of critical infrastructures and strategic industrial sectors as targets underscore the potential risk that, in extreme cases, the normal operations of companies could grind to a halt. Cyber attacks have evolved dramatically in recent years: their number has grown exponentially, as has their complexity and impact, making it increasingly difficult to promptly identify the source of threats. In the case of the Enel Group, this exposure reflects the many environments in which it operates (data, industry and people), a circumstance that accompanies the intrinsic complexity and interconnection of the resources that over the years have been increasingly integrated into the Group’s daily operating processes. The Group has adopted a holistic governance approach to cyber security that is applied to all the sectors of IT (Information Technology), OT (Operational Technology) and IoT (Internet of Things). The framework is based on the commitment of top management, on global strategic management, on the involvement of all business areas as well as on the units involved in the design and management of our systems. It seeks to use cutting edge technologies, to design ad hoc business processes, to strengthen people’s IT awareness and to implement regulatory requirements for IT security. In addition, the Group has developed an IT risk management methodology founded on “risk-based” and “cyber security by design” approaches, thus integrating the analysis of business risks into all strategic decisions. Enel has also created its own Cyber Emergency Readiness Team (CERT) in order to proactively respond to any IT security incidents. Finally, in 2019, the Group also took out an insurance policy for cyber security risks in order to mitigate IT threats. |
Digitalization, IT effectiveness and service continuity | The Group is carrying out a complete digital transformation of how it manages the entire energy value chain, developing new business models and digitizing its business processes. A consequence of this digital transformation is that the Group is increasingly exposed to risks related to the functioning of the IT systems implemented throughout the Company, which could lead to service interruptions or data losses. |