Data and infrastructure protection

Protecting a company and the data it uses against cyberattacks is a core task in multiple areas. First of all, it is about the trust of customers, employees, partners, and, ultimately, society as a whole. Secondly, business-relevant processes and, consequently, economic interests are also at stake.

Körber's employee working on cybersecurity and data protection.

At Körber, responsible, proactive handling of cyber risks is a cornerstone of sustainable corporate governance.

When dealing with cyber risks, we view the issue of information security from both a business perspective and from that of our clients and the market. “From a business viewpoint, we need operational processes that are resilient against cyberattacks,” affirms Andreas Gaetje, Chief Information Security Officer. “We wish to be a dependable, trustworthy partner for our customers. At the same time, the market expects improved security for digital products in light of increasing connectivity in production.”

Jan-Christian Kaiser, Head of Security Governance, Körber Group

“With our internal cybersecurity awareness campaign, we pursue a clear goal: putting our strategic objective information security into action and transforming our colleagues into security ambassadors. This involves but is not limited to raising awareness, encouraging dialog, and ultimately bringing about changes in our colleagues’ behavior.”

Jan-Christian Kaiser

Head of Security Governance, Körber Group

United for greater security

Körber female employee working at the office on data and infrastructure protection issues

To counter the steadily rising threat posed by cyberattacks, we have professionalized our structures over the past five years. A crucial move in this regard was making information security an integral part of corporate strategy in 2022, thus establishing it as a top priority at group level. “We started building a suitable organization, developing frameworks, and implementing tools in 2019. 

Including information security in our corporate strategy has sped up our progress significantly”, reports Andreas Gaetje, Chief Information Security Officer. “It still makes me proud that the first IT tool implemented across the Group was a security tool. Today, our corporate slogan of ‘stronger together’ holds true for this issue too.” 

Dimitrios Iatrou, Head of Cyber Defense Center, Körber Group

“With the increasing frequency of cyberattacks globally, a modern Cyber Defense Center is essential for Körber to evaluate threats and vulnerabilities, monitor security events, and take countermeasures to protect us and secure the company's digital offerings.”

Dimitrios Iatrou

Head of Cyber Defense Center, Körber Group

Today, we have a matrix organization with security officers and even feature our own sub-organizations within the Business Areas. These are tasked with implementing all security actions decided on a group level in the Business Areas. They also handle any local issues and refer them back to the group-wide department, as necessary.

We divide the group-wide topics among three areas: The Security Governance Area handles policies, frameworks, awareness, strategic expertise, and risk management and compliance. The second area is the Cyber Defense Center (CDC), whose specialists check Körber’s systems for suspicious activity twenty-four hours a day. In 2023, the CDC already monitored more than 80 percent of the total IT infrastructure in this way. A third area is Application Security. This team attends to security aspects in software products developed within the Körber Group.

Sustainability statistics


Exceptionally secure

After introducing the security guideline framework and the security organization on a group and business area level in 2019, we then established a ‘Corporate Guideline Information Security’ and an information security management system (ISMS) before starting to build up the CDC in 2020. When we rolled out a standardized security stack across the group in 2021, we created a structure which allowed us to professionalize and further develop Group IT security. 

We focused on improving the maturity level of our information security for 2023 and 2024. This includes expanding preventive measures as well as optimizing security processes or actions to boost OT security. “We made significant progress in 2023,” reports Kaiser. “Examples of this advance are the excellent CyberVadis rating and ISO 27001 certification. We thus also have objective proof for the exceptional standard of our security solutions to show the outside world.”

Gold rating 2023 by CyberVadis

‎ Gold from CyberVadis

As the world’s largest provider of sustainability ratings, EcoVadis launched CyberVadis in 2017 to assess third-party cybersecurity risks. The methodology aligns with major international standards, and companies can share their ratings to showcase cybersecurity performance. In 2023, parts of Körber Group’s IT landscape received the CyberVadis Gold rating on our first assessment, scoring an outstanding 914/1,000 points. CyberVadis also awarded us its “Mature” designation – the highest status – for excellence in confidentiality, integrity, and data availability.

Because it affects everyone ...

Raising awareness about information security was a major focus for the work in 2023. “Our employees are the first point of entry and the first possible line of defense against cyberattacks,” affirms Gaetje. “That’s why raising awareness and training for Körber employees form a key component in our multi-year cyber resilience program. Our in-house motto ‘we protect what we create’ is intended to show our colleagues that every individual is crucial for combating attacks.” In view of this context, we implemented numerous measures in 2023 as part of an in-house information campaign to raise awareness and encourage dialog among employees. Among other things, these included the Cybersecurity Week, a newsletter and intranet messages on the security matters, establishing a cybersecurity community, appointing ambassadors, and creating little games which enhanced consciousness and knowledge of information security in an app.

“These activities enabled us to successfully heighten awareness among colleagues in 2023,” explains Sarah Kwaschnik, Senior Manager Group Communications at Körber. "The next phase of mobilizing employees has started for us now. During this process, we’re significantly improving communication on a group level and in the Business Areas once more with the consistent aim of increasing knowledge and awareness to bring about changes in behavior.”

Körber's employees smiling in a conference room
Körber's employees working on a computer screen on cybersecurity issues

Cybersecurity Week: Full focus on awareness

Cybercrime is constantly on the rise in an increasingly digitized world. The financial and legal risks are a real threat, something which also affects Körber. Hackers tend to target employees to steal login details or infiltrate malware into the network. This means that employees are the first line of defense against cyber threats such as phishing or social engineering. 

To ensure defenses are as effective as possible, Körber provides suitable training and held its first Cybersecurity Week for employees in October 2022. During the second edition in October 2023, some 700 colleagues participated in virtual events to learn more about the world of cyber threats and how they can protect our company and its work on a day-to-day basis. Topics at the event included using AI to deal with threats, secure software development, and cybersecurity as a competitive advantage with clients. Participants experienced these topics first hand with interactive formats such as live hacking sessions, including deep dives for developers and software engineers.