Cyber risks

As a company, we have a responsibility towards clients to handle their assets and information carefully. Through the progressive digitalisation of the banking business, the risks and necessary protective measures are also changing. Protection against cyber attacks has top priority and can only be guaranteed through state-of-the-art IT systems and trained and aware employees.

The Group Information Security Department formulates, implements and maintains our information security programme. The principles and guidelines on which this is based are specified in directives that are binding throughout the Group.

The assets and information entrusted to us are protected by coordinated processes and systems. Specialists continually analyse the latest risks arising from cyber threats and implement appropriate countermeasures. The LLB Group’s virtual Cyber Security Incident Response Team (vCSIRT), which has been operational since 2017, provides 24/7 cyber incident detection and initiates defensive measures. In July 2018, the Group Information Security Department became part of the Group CFO Division. This facilitates cooperation with those responsible for risk management and risk reporting, and allows us to use synergies in these areas.

Fraud detection system

Working in cooperation with a technology partner, we have developed a self-learning fraud detection system for payment systems. Once the data for a mobile or online payment order has been entered, the system checks the order against various criteria to determine whether it could be a fraudulent payment. If the system detects any risks, different security levels are activated or payments are blocked.

Raising awareness among employees

Handling client data and information responsibly is an integral part of LLB’s corporate culture. Training courses for employees have been held regularly since 2014.

LLB uses a learning game with an innovative gamification approach to raise employees’ awareness of cyber security issues. Through mandatory IT security training, employees who have less affinity with technology are taught, in a fun way, how to deal with phishing, distributed denial-of-service (DDoS) attacks, social engineering and the like.