Iberdrola with cybersecurity

Iberdrola, committed to cybersecurity

Internet Informatics Cybersecurity

At Iberdrola, as a leading company in innovation, transformation and digitalization, we attach strategic importance to cybersecurity, which is essential to evolve and provide increasingly secure services and operations in all the geographies in which we operate and in an increasingly complex ecosystem and threat landscape.

Our main objectives are:

Protect our critical infrastructures

Guarantee the reliability and quality of the energy supply

Protecting the data of our customers and other stakeholders

Ensure the integrity and confidentiality of financial and business information

Protecting the Iberdrola Group's brand and reputation

This strategic importance is supported by the commitment and involvement of the Group's Senior Management, aware of the importance of leading the digital transformation in the energy sector, and in which proper management of cybersecurity risks is essential. 

This commitment is expressly expressed through a Cybersecurity Risk Policy reviewed, updated and approved annually by the Board of Directors, which promotes a strong cybersecurity culture and contributes to strengthening our capabilities to protect, detect, prevent, defend and respond to possible attacks or incidents.

Iberdrola's cybersecurity strategy

The Iberdrola Group's global cybersecurity strategy focuses on integrating cybersecurity into business operations and decision-making and is based on:

  • a  governance model, which establishes updated standards, frameworks and criteria for protection adapted to the environment and its evolution, as well as coordination and decision-making bodies for the integration of cybersecurity into decision-making processes: 
    • Cybersecurity committees, global and local, chaired by the corresponding CISOs and in which all businesses and areas are represented, where cybersecurity standards, frameworks and models are shared, discussed and approved. 
    • A committee made up of the Group's CEO, the global CEOs of the businesses and the CEOs of all the subholdings that meets quarterly to learn, decide and promote specific cybersecurity initiatives and plans in their respective areas of responsibility linked to the Group's strategic plans.
  • an organizational structure that has cybersecurity managers (CISOs), global and local (Group, subholdings) and within each business and corporate area (global and local BISOs) with clearly established roles and functions,
  • a model of objectives linked to remuneration that incorporates specific cybersecurity objectives in all businesses and corporate areas, and at all levels, including senior management and CEOs of the Group's companies,
  • culture, awareness-raising and training programmes aimed at all levels, areas and functions of the organisation,
  • comprehensive risk management plans, prioritizing critical infrastructure and essential services;
  • state-of-the-art technology resources and global and local cybersecurity incident response teams that are always operational to minimize the impact on business objectives and the continuity of essential services,
  • robust mechanisms for the supervision and assurance of critical and high-risk cyber infrastructures to ensure compliance with internal cybersecurity rules and applicable external regulations, which are regularly reported to the Audit and Risk Supervision Committees and the Boards of Directors, both of the Holding Company and of each of the Group's subholdings;  
  • permanent and close collaboration, both internally between businesses and cybersecurity managers, and externally with regulators, government agencies, suppliers, companies and think tanks.