PROMINENT ROLE FOR CYBERSECURITY

Cybersecurity is a hot topic and crucial for protecting data and sensitive information. A successful cyberattack can lead to data theft, financial losses, reputational damage and even business closure. That is why we are investing in robust
cybersecurity measures so that we properly protect our data, ensure business continuity and maintain our customers' trust.

REDUCE RISK AND PROMOTE RESILIENCE

Zijderlaan's policy in this area is set forth in the Cybersecurity Strategy 2024. This strategy is all about reducing risk and promoting resilience. This has given security a prominent role within our overall ICT policy. Some examples of changes we have already implemented in recent years are: Multi-Factor Authentication, Endpoint Protection Management, Geofencing, automated updates and firewalls and awareness training for our employees. These steps belong to what is known as Security by Default, which is created by taking all processes to a higher maturity level, and Privacy by Design, where we consider data protection from the very beginning in the "design". In addition, we have periodically participated in phishing campaigns and have penetration tests performed once a year.

MONITOR AND ANTICIPATE

Our cybersecurity strategy is based on a combination of cybersecurity guidelines. Our framework consists of 4 phases:

1. Identify
2. Protect
3. Detect
4. Recover

In doing so, keeping "continuous visibility" runs like a thread through this process. By continuously measuring the activity of the network, our users and systems, we can monitor the effectiveness of our cybersecurity measures. Under the
assumption that security incidents are inevitable, it is necessary to detect, respond to and remediate the potential intrusions in a timely manner. There are examples of companies in transport & logistics that have been hit by an attack and were only able to resume their operations after (over) a week, often after paying a 'ransom'. This is why we will continue to invest in ICT and especially security in the coming years. Important here is a clear ICT policy and the ability to anticipate threats and attacks. We continue to perform regular risk analyses and investigate the impact of possible risks. This enables us to take the right measures, appropriate to our organization. In addition, we make backups of our data in various ways and test them regularly, thus preventing the loss of valuable information and enabling us to recover quickly if our data is compromised.

FOCUS

The ambitions for the coming years are mostly determined by rapid technological developments and threats. Our focus will include separating and categorizing data to reduce risks, as well as also looking at further automating crucial, primary processes.