Safeguarding information and digital infrastructure
The landscape of cyber warfare has shifted from sporadic threats to a pervasive global crisis, with international corporations now facing a relentless barrage of sophisticated attacks that threaten the very core of their information systems and critical networks. Sika has a strong organization in place to monitor, detect, and respond to such cyber risks. Cyber threats are amongst the top risks in Sika’s Enterprise Risk Management framework and are regularly assessed by the Board of Directors. The Sika Cyber Security Board, headed by the CFO and including the Head IT Sika Group, the Head Sika Cyber Security, and other selected stakeholders, is responsible for risk management in cyber security.
Information security governance
The execution of Sika’s Cybersecurity Strategy is assigned to the Sika Cyber Security team, which is responsible for ensuring that Sika employs the necessary technologies, processes, frameworks, and policies for a robust, effective, and state-of-the-art cyber security function. The effectiveness of Sika’s cybersecurity framework is monitored continuously and reported to the Sika Cyber Security Board each quarter. Group Management monitors and approves actions, and reports on cybersecurity activities to the Audit Committee.
The company has put the following measures in place to reduce cybersecurity risk:
- Comprehensive cyber incident management framework and processes for effective cyber response.
- Constant assessments of cyber maturity.
- Internal cybersecurity skills that are backed up by support from external specialists.
- Internal IT security audits of local sites across the world according to Sika’s IT Audit framework based on the ISO 27001 standard.
- Supply chain security audits.
- Regular training of the Sika workforce on developments in cyber risks and how to counter these risks.
Cyber incident prevention, detection and response procedures
Sika operates a 24/7 in-house Security Operations Center that continuously monitors Sika’s security posture by detecting, analyzing, and responding to cyber security incidents worldwide, drawing on the latest industry-relevant threat intelligence.
Major incident response activities are addressed by the Sika Cyber Emergency Board according to procedures and plans laid out in the Sika Cyber Emergency Handbook. A Cyber Emergency Tabletop exercise is conducted on an annual basis. Local responsibility for severe security incident preparation lies with each Sika company. Since the IT contingency plan is managed by local Sika companies, the disaster recovery and cyber emergency response procedures are documented locally, e.g., in Local Cyber Emergency Handbooks. Cyber Emergency tests are carried out locally and performed at least once per year.
External verification and vulnerability analysis
Sika employs specific processes and technologies to identify and manage IT risks and vulnerabilities at multiple layers. Besides multilevel simulations of cyberattacks in the form of penetration testing exercises, the company uses advanced detection and response capabilities, threat hunting, vulnerability and patch management processes, and scanning services for the internal Sika IT infrastructure. For the services and infrastructure components exposed to the internet, external benchmark security rating services are used.
Security awareness training
Sika has evolved its educational security awareness framework into a continuous, multi-layered defense strategy. Beyond mandatory security training for all employees, Sika conducts regular simulated phishing exercises to test real-world vigilance and provides tailored training specifically designed to meet the unique security training needs and risk profiles of different user groups. This proactive approach is underpinned by Information Security and Acceptable Use Policies, ensuring a high baseline of security awareness across the entire organization.