7. Information security risk

Protection against cyber threats remains a top priority for VP Bank. This protection is ensured by modern IT systems, robust processes and trained and sensitised employees. The requirements for information and cyber security are set out in a company-wide policy approved by the Board of Directors, which defines clear governance structures and responsibilities and follows a risk-based, holistic approach based on internationally recognised standards such as the ISO 27000 series and NIST. VP Bank places particular emphasis on the prevention and identification of vulnerabilities, continuous trend and risk analyses, strengthening cyber resilience and effective incident, crisis and disaster recovery management. Cyber threats are subject to ongoing analysis and appropriate defensive measures are taken depending on the risk. The bank ensures a high level of security through targeted vulnerability management and regular penetration tests. In addition, all employees complete mandatory annual cyber security training to ensure uniform security awareness and consistent compliance with guidelines.