Logo DSV

Prevention and cure

We dedicate significant time and resources to cyber security

DSV is reliant on IT. Virtually all our business and information is processed through IT systems. For that reason, system breakdown is a serious matter that can lead to significant losses and inconveniences – depending on the timing and length of the outage.
The threat from malware and phishing is real and increasing, and DSV has dedicated many resources to counter, monitor and control these threats. We are dedicated to minimising risk as much as possible - both organisationally and technically.
Our setup includes a Security Operation Centre whose purpose is to monitor, detect and report on any type of security event entering our systems, and we work with external cyber security partners to ensure that we include the latest knowledge in our countermeasures.
Furthermore, we have designed our data centres and network to be resilient to attacks – both physically and in terms of cyber-attacks.

A multi-factor defence

Our strategy has shifted towards detecting and containing rather than just shielding – because it’s impossible to keep out malware entirely. Anti-virus and intrusion prevention are still very much in place, but we have also introduced measures to prevent any intruding virus from spreading within our network.
At the same time, we are careful not to neglect the core aspect in case prevention fails. Disaster recovery is a key part of the overall plan, and our capabilities are constantly being improved based on the current level of threat.

Our employees are our first line of defence for protecting DSV Panalpina from potential information security breaches. Therefore, we have launched a global programme for our employees called Simply Secure. Our programme focus on correct employee behaviour to ensure a high level of security. The Simply Secure programme helps us to avoid the pitfalls of cybercrime, including phishing. The programme is aimed at everyone in the company, and creates awareness through monthly newsletters, e-learning, intranet news articles, and an online training platform describing various aspects within information security.

Even the best cyber security setup is no guarantee

In general terms, our cyber security approach is defined by the following key points:
  • Prevention technologies from market leading security companies
  • Segmentation of our global network to prevent any attacks from spreading to the entire network
  • Standardisation and consolidation of systems to ensure that our portfolio of systems is manageable and updated with latest security patches
  • Redundancy of data centres to ensure that we can keep operating even if one of our centres is hit
  • Defined and tested disaster recovery processes, in case our line of defence is breached
  • Major incident management procedures ensure that we can act fast in case of a cyber-attack
  • Governance, policies and controls are based on – but not limited to – the principles of international standards such as ISO27001, ISO27002 and SANS Critical Security Controls
Needless to say, there are a lot of processes and procedures under this framework, and it is important to highlight that even the best cyber security setup provides no guarantees.

We strive to communicate openly and transparent to our customers when it comes to cyber security. Therefore, we have engaged with our external IT Auditors to validate that we perform our cyber security promise to our customers. The validation is performed through the internationally recognised ISAE 3402 Type 2 format which provides a unique insight which we are proud to share upon request.

Any questions?

Contact Thomas Zakarias, CISO / Senior Director, Group IT Compliance

Thomas Zakarias, CISO / Senior Director, Group IT Compliance