Arbonia can only maintain its IT security together with its employees and thus protect the Group's operating activities and competitiveness against damage: The security awareness programme under the motto "THINK BEFORE YOU Click.Post.Type." helps employees to successfully recognize real threats and potential attacks and react to them correctly – in both their business and private lives.

Together for more IT security

Increasing networking, digitisation, and the Internet are leading to a rapid rise in cyber crime. The threat situation has become even more acute and also more complex. Attacks on the digital infrastructure and on the data of the Group can lead to outages and supply bottlenecks and thus to considerable financial losses. An adequate information protection cannot be achieved by technical measures alone; rather, it depends on the employees' behaviour and handling of data and information systems. Arbonia employees are a central link in the security chain in the area of cybersecurity and must assume corresponding responsibility. The most common attack tool for cyberattacks is e-mail – followed by social engineering (manipulating or influencing a person) and the Internet. For this reason, it is extremely important to recognise, avoid, and report suspicious sources. With targeted measures to strengthen so-called cyber resilience, Arbonia tries to reduce the risk of cyber attacks to an absolute minimum. The Group pursues a comprehensive security approach with technical measures, processes, guidelines, and standards, the observance and implementation of which is checked on the Group level by the in-house ICT security officer and the officer's team. The goal is to prevent cyber attacks of all types and to increasingly train and sensitise employees about this topic. The comprehensive security approach in the context of the information security strategy is continually checked via audits and penetration tests.


The security awareness campaign under the motto "THINK BEFORE YOU Click.Post.Type." contains various elements. Arbonia took a variety of measures in the course of the campaign, for example, training courses. In this context, employees were invited to participate in various awareness and training units, whereby in-depth training courses were provided specially for IT administrators and other exposed persons. These training courses provide information on the secure handling of data and information systems and aim to make everyday life more secure. At the same time, Arbonia called attention to security issues and threats with various poster subjects. For practical implementation, employees received an anti-phishing button as an Outlook extension that they could use to report a possible threat to the IT department with only a few clicks. To prepare and sensitise employees for an emergency, they also randomly received various phishing e-mails during the reporting year.

On the basis of a high cyber resilience and e-mail security, Arbonia generally strives not to experience any safety-critical events and thus to ensure a smooth course of business. For this purpose, penetration tests or attack simulations are also carried out and the results are used as the basis for continuous improvement. To manage security, for example, the cyber maturity is measured using defined standards. Further improvements and key performance indicators will follow in connection with upcoming projects such as, for example, the development of SIEM incidents (Security Information and Event Management).