IT risk

At Volkswagen, a global company geared towards further growth, the information technology (IT) used in all divisions Group-wide is assuming an increasingly important role. IT risks exist in relation to the three protection goals of confidentiality, integrity and availability, and comprise in particular unauthorized access to, modification of and extraction of sensitive electronic corporate or customer data as well as limited systems availability as a consequence of downtime and disasters. Handling data with integrity ensures that it is correct and uncorrupted, and that systems function without error.

The high standards we set for the quality of our products also apply to the way in which we handle our customers’ and employees’ data. In particular, the digital services for our mobility services must be secured. Our guiding principles are data security, transparency and informational self-determination.

We address the risk of unauthorized access to, modification of, or extraction of corporate and customer data with the use of IT security technologies (e.g. firewall and intrusion prevention systems) and a multiple-authentication procedure. Additionally, we increase protection by restricting the allocation of access rights to systems and information and by keeping backup copies of critical data resources. Redundant IT infrastructures protect us against risks that occur in the event of a systems failure or natural or other disasters.

We used commercially available technologies to protect our IT landscape, adhering to standards applicable throughout the Company. We future-proof our IT through continual standardization and updates. Continuously increasing automation enhances process reliability and the quality of processing.

The further development and Group-wide use of IT governance processes, particularly the further standardization of the IT risk management process, also helps to identify risks at an early stage and reduce them effectively.

The focus of our IT security program is the ongoing enhancement of Group-wide security measures. This currently includes the setting up of an IT security command center. The center’s role is to detect cyber-attacks quickly, helping us to successfully defeat them using the latest tools. Volkswagen complements these technical measures by systematically raising awareness and providing training for employees.