The risks discussed in this section are as follows:
The speed of technological developments that constantly generate new challenges, the ever increasing frequency and intensity of cyber attacks and the attraction of critical infrastructures and strategic industrial sectors as targets underscore the potential risk that, in extreme cases, the normal operations of companies could grind to a halt. Cyber attacks have evolved dramatically in recent years: their number has grown exponentially, as has their complexity and impact (theft of company data on customers), making it increasingly difficult to promptly identify the source of threats. In the case of the Enel Group, this exposure reflects the many environments in which it operates (data, industry and people), a circumstance that accompanies the intrinsic complexity and interconnection of the resources that over the years have been increasingly integrated into the Group’s daily operating processes.
The Group has adopted a holistic governance approach to cyber security that is applied to all the sectors of IT (Information Technology), OT (Operational Technology) and IoT (Internet of Things). The framework is based on the commitment of top management, on global strategic management, on the involvement of all business areas as well as on the units involved in the design and management of our systems. It seeks to use cutting edge technologies, to design ad hoc business processes, to strengthen people’s IT awareness and to implement regulatory requirements for IT security.
In addition, the Group has developed an IT risk management methodology founded on “risk-based” and “cyber security by design” approaches, thus integrating the analysis of business risks into all strategic decisions. Enel has also created its own Cyber Emergency Readiness Team (CERT) in order to proactively respond to any IT security incidents.
Finally, back in 2019, the Group also took out an insurance policy for cyber security risks in order to mitigate IT threats.
|Digitalization, IT effectiveness and service continuity||
The Group is carrying out a complete digital transformation of how it manages the entire energy value chain, developing new business models and digitizing its business processes, integrating systems and adopting new technologies. A consequence of this digital transformation is that the Group is increasingly exposed to risks related to the functioning of the IT systems, which are integrated across the Company with impacts on processes and operations, which could expose IT and OT systems to service interruptions or data losses.
These risks are managed using a series of internal measures developed by the Global Digital Solutions (GDS) unit, which is responsible for guiding the Group’s digital transformation. It has set up an internal control system that introduces control points along the entire IT value chain, enabling us to prevent the emergence of risks engendered by such issues as the creation of services that do not meet business needs, the failure to adopt adequate security measures and service interruptions. The internal control system of the Global Digital Solutions unit oversees both the activities performed in-house and those outsourced to external associates and service providers. Furthermore, Enel is promoting the dissemination of a digital culture and digital skills within the Group in order to successfully guide the digital transformation and minimize the associated risks.