Why It Matters
The confidentiality, integrity, reliability and security of information in all its forms are critical to our daily operations. Inaccurate, incomplete or unavailable information; external intrusions on information systems; or unauthorized access to information can damage and disrupt our business and have financial and reputational implications.
Our Approach
Our business strategy is enabled by an ambitious digital transformation program, which is why we continually update and accelerate our cyber security roadmap, ensuring we are keeping pace with both our evolving business initiatives and external threats.
Our cyber security approach means having many layers of protection for devices, transactions, data and people, complemented by rigorous, round-the-clock monitoring.
Making Progress on Key Initiatives
Over the past year, we have continued to make significant strides in protecting our network and sensitive data through enhanced cyber security capabilities and operational efficiency.
Our efforts include a comprehensive cyber risk awareness program for all staff, encompassing both backstage and retail personnel.
Additionally, we have strengthened identity and access management processes, improved third-party risk management, and enhanced incident response capabilities.
These initiatives ensure robust protection and resilience across our organization.
Attaining ISO Certification
We are on track to establish the framework and team alignment for achieving ISO27001 certification by fiscal 2027. This year we established the foundation for ISO27001 by drafting and publishing additional cyber security policies and standards; defining risk management and third-party risk management processes; and enhancing the security control library to support all planned digital transformation initiatives.
Leveraging Tools and Processes
We operate extensive and complex information technology systems that are vital to the successful operation of our business strategies. Our systems include advanced endpoint detection, response protection and monitoring, cloud security controls, threat hunting, threat intelligence, vulnerability management and 24/7 monitoring. We use a combination of complementary tools and technologies, along with threat hunting and threat intelligence, to ensure we can be proactive and react quickly. We incorporate well-defined playbooks into our incident response plans to ensure that defined processes are followed, and all relevant team members or stakeholders are mobilized. In addition, all projects undergo security risk assessments, such as threat risk assessment, vendor risk assessment and compliance impact assessment. We ensure that due diligence is carried out for all new and existing critical supplier partners.
Empowering Teammates to Be Cyber Safe
We place a strong focus on teammate awareness and training and on policies to govern the acceptable use of corporate devices and assets. Our Cyber Security Employee Awareness and Training program provides teammates with the knowledge to make informed decisions to protect our business from cyber threats. Training includes monthly targeted phishing campaigns, mandated modules, regular teammate communications on relevant cyber security topics, and digital signage.
