Principal risks, cyber security and description of measures taken during the year

Trifast plc – Annual report – 31 March 2020

Industry: manufacturing, distribution

Risk management (extract 1)

Risk management (extract 2)

Cyber security

Every year, the scale of attacks increases and their impact intensifies across the globe. With this in mind, we have been addressing the key cyber-security challenges that Trifast plc faces.

Our digital transformation to the cloud has created new and unanticipated risks. This translates into a growing cyber-attack surface, which requires modern measures to counteract the threats faced in our new cloud-based landscape.

Following a year of logical and physical risk assessments, our focus has been to resolve the new vulnerabilities identified across the Group. This has led to a requirement for additional staff to create our first Information Security Operations Centre (ISOC). Security information and event management data is now identified, analysed and investigated to prevent attack or intrusion.

Over the past year, the Group has seen a significant increase in phishing attacks. These attacks have now become more sophisticated and persistent due to our cloud exposure.

In response to the global digital transformation, governments have issued an ever-changing and growing set of security and privacy regulations, compounding the difficulty of managing cyber risks. On 1 June 2017, China implemented the Cybersecurity Law of the People’s Republic of China, providing heightened regulatory oversight across the internet and network domains for mainland China. A proposed update in December 2019 would have had a dramatic effect on the right to remove data from China. At present, the update is yet to be enacted, but we will continue to review security and privacy legislation in China and other countries across the globe.

TR Fastenings UK (TRF) achieved the renewal of its cyber security certification on 15 March 2020. The HM Government Cyber Essentials scheme is designed to help UK organisations improve their defences and publicly demonstrate their commitment to cyber security. The certification means that TRF is now qualified to bid for government and other highly sensitive contracts, due to its exceptional standard of base controls in cyber security. This certification is not only evidence of our credibility in cyber security, but also our dedication to quality and integrity when it comes to customer information.

Our continued efforts in information security rewarded us with the achievement of our third-year certification from the British Standards Institution (BSI) for Information Security Management System (ISO/IEC 27001:2013). Achieving the renewal shows our commitment to information security. It demonstrates that we continue to employ a management framework of policies and procedures that helps to keep our information secure and provides confidence to business customers and partners.

In order to keep our staff safe and meet regulatory requirements, we have implemented a new security awareness training portal. This innovative technology fuses psychology and behavioural science with artificial intelligence to transform cyber security and data protection awareness. Our training is now GCHQ and IISP accredited, to improve security behaviour and attitudes within Trifast plc.

The security challenges highlighted above clearly point to the fact that our digital transformation provides us with great opportunities but also great risks. To mitigate these risks, we must exercise vigilance over the constantly changing global cyber landscape. As an organisation we must stay informed, be proactive in our defence and threat intelligence, and above all, be prepared for a cyber-attack.