GR

Cybersecurity

Being safeguarded against cyberattacks.

Adopting international security standards

We are certified to and follow the ISO27001 Information Security Management System, integrating new standards:

  • ISO27701 (Privacy Information Management).
  • ISO27017 (Information Security Controls for Cloud Services).
  • ISO27018 (Protection of Personally Identifiable Information in Public Clouds).

In addition, the Cybersecurity and Information Security and IT Business Areas are certified to ISO20000 (Bureau Veritas) and to ISO22301 (TÜV Austria). Moreover, Alpha Bank has been certified to the PCI DSS and SWIFT CSCF security standards.

What we accomplished in 2023

Employees who attended the cybersecurity awareness programme
5000+

Taking steps to prevent and address cyberthreats

Integrating cybersecurity in our governance

The Cybersecurity and Information Security Business Area is responsible for formulating and overseeing the policy, procedures and mechanisms related to cybersecurity and information security. It implements the 2021-2023 Strategic Plan based on the model for Cyber Maturity Assessment.

Training our people

In 2023 we provided a sophisticated cybersecurity and information security awareness and training programme to more than 5,000 employees. The programme focused on key cybersecurity issues and current cyberthreats.

Officers from Cybersecurity and Information Security attended dedicated information security training courses and were certified as per international standards.

Addressing cyberthreats and cybersecurity incidents

We carry out information security risk assessments on crucial systems and applications, in partnership with the Bank’s Business Areas and the Group’s subsidiaries.

Alpha Bank’s Cybersecurity Incident Response Team (Alpha Bank CSIRT) expanded its on-premises visibility and monitoring coverage, as well as capabilities for cloud services, and is applying the Cyber Threat Intelligence Framework.

The Team shares critical intelligence information on current threats with national and international organisations:

  • National CSIRT (Hellenic Ministry of Defence).
  • National Cybersecurity Authority (Ministry of Digital Governance).
  • FIRST (Forum of Incident Response and Security Teams).
  • FS-ISAC (Financial Services Information Sharing and Analysis Center).

Protecting user identity and access

We endeavour to keep improving Identity and Access Management (IAM) Governance by:

  • Developing and designing modern authentication methods
  • Performing regular user access reviews

Improving our infrastructure

We launch cloud design and implementation initiatives, and adopt new agile methodologies for our daily functions and operations. Moreover we:

  • Improve our network monitoring and perimeter defence.
  • Enhance our web protection capabilities by using threat intelligence feeds to periodically align infrastructure configurations.
  • Implement horizontal protection measures for cloud environments.
  • Enhance our endpoint security.

Discover our ESG pillars

Environment
We have adopted a responsible Environmental Policy and an advanced Environmental Management System, aiming at protecting the environment and mitigating climate change.
LEARN ABOUT THE ENVIRONMENT
Society
Standing by the society where we operate, we ensure all people enjoy equal access to healthcare services and cultural activities. We care for our people and offer equal opportunities to all.
FIND OUT ABOUT SOCIETY
ESG reporting hub
Through well-rounded reporting, we advocate transparency and accountability. We track our financial, environmental and social performance, and comply with the international standards and regulations, providing comprehensive and reliable disclosures.
FIND ESG REPORTS