Cyber security

Our dedicated information security department is led by the Chief Information Security Officer (CISO), who is responsible for Formue’s security program & strategy. We’ve invested significantly in competent employees and leading cyber security systems to ensure effective protection of customer information and digital assets.

Security is incorporated into all business processes and day-to-day work. We’ve implemented the following security controls to safeguard customer information and digital assets during storage, processing, and transmission: Two-factor authentication, strict password requirements, access management, data encryption, secure document handling processes, AI-powered email filter to protect against sophisticated phishing attacks, backup and recovery testing, business continuity planning, as well as an external managed Security Operations Centre (SOC) for 24/7 security alert monitoring, investigation and incident response.

We closely monitor developments in the cyber threat landscape in order to be at the forefront of new security vulnerabilities and threats.

Our extensive cyber security training and awareness program ensures that employees follow the company’s routines for protecting customer information. Continuous awareness has fostered a security culture that enables our staff to consider security in their daily work and identify and report security weaknesses as quickly as possible. Phishing tests are conducted regularly, as well as annual security training and a security culture survey to identify areas for improvement.

The suppliers we work with are assessed from a security & privacy perspective to ensure that security and GDPR requirements are met to minimize potential risks.

To ensure our security controls and processes work effectively and in line with best practice, Formue undergoes annual audits carried out by independent security specialists. This includes tests that simulate cyber-attacks to identify and address potential weaknesses.