You are using an old version of your web browser.

Please note that the website might not function correctly using an outdated browser. We recommend updating your browser or using another one.

This site uses cookies to offer you the best user experience. By continuing browsing this site you agree to the use of cookies. Alternatively you may change your browser settings. For further information, please read our Privacy Notice.

I agree

Information Security and Cybersecurity

At Sampo Group, information security refers to the processes and tools designed and deployed to protect business information from modification, disruption, destruction, and unlawful inspection. Cybersecurity, on the other hand, comprises technologies, processes, and controls that are designed to protect systems, networks, and data from cyber threats. Information security and cybersecurity are both important factors in ensuring that Sampo Group companies are successful in their business operations.

Sampo Group companies are exposed to information security and cybersecurity risks due to the high quantity of sensitive data the companies handle and due to operations in countries with strict data protection regulations. Sampo Group acknowledges the risks related to information security and cybersecurity, and ensures that suitable training is provided to employees of the Group companies. All employees must adhere to the highest standards of information security and cybersecurity by following internal rules and guidelines, using appropriate tools, and acting responsibly.

The group-level guiding document on information security and cybersecurity is the Sampo Group Code of Conduct. In addition, each Group company has adopted more detailed policies and guidelines for their own commercial purposes. According to the Code of Conduct, the protection of information and the handling of information are given special attention, and requirements on information security and cybersecurity are set and expected to be met by internal and external stakeholders. Sampo Group companies are committed to performing regular risk analyses, conducting continuity planning, and having effective internal processes, high-quality systems, and infrastructure to ensure an adequate level of information security and cybersecurity preparedness.

Sampo Group companies are required to report severe information security incidents to the local authorities. The table below shows the incidents reported during the recent years.

Number of Information Security Incidents Reported to the Authorities, Sampo Group 2019 2018
Number of incidents reported to the authorities 0 2


Further information can be found in the Corporate Responsibility Report (page 37).

Updated 7 May 2020