Segurança da Informação
Cyber Security
KODS 2030
100% of direct and indirect employees included in the digital language necessary to support the cybersecurity culture, ensuring the protection of personal and company data
Percentage of direct and indirect employees included in the digital language
| Category | 2022 | 2023 | 2024 | 2025 (Preview) | 2030 Goal |
|---|---|---|---|---|---|
| Total number of direct employees | 18,394 | 17,739 | 18,495 | 18,827 | |
| Total number of indirect employees | 2,200 | 2,400 | 4,686 | 3,007 | |
| Trained direct employees | 10,739 | 15,864 | 14,687 | 14,541 | |
| Trained indirect employees | 726 | 960 | 3,165 | 717 | |
| % of trained direct employees | 58.4% | 89.4% | 79.4% | 77.2% | 100% |
| % of trained indirect employees | 33.0% | 40.0% | 67.5% | 23.8% | 100% |
In 2025, Klabin continued its phishing simulation campaigns and disseminated content related to cybersecurity on the Minha Klabin Portal (Intranet), raising awareness of the topic at different levels of the organization. A new cybersecurity video was produced, and actions such as the dissemination of cybersecurity guidance material targeted at senior management and executives at the Managers’ Convention were developed. The Company also developed a specific training track for the automation team, available on the internal training platform, ENK Portal, and a workshop in partnership with the legal department on the topic of privacy and information risk classification.
| Category | 2023 | 2022 | 2021 | 2020 |
|---|---|---|---|---|
| Number of complaints received from external parties and proven by the organization | 0 | 0 | 0 | 0 |
| Number of complaints from regulatory agencies | 0 | 0 | 0 | 0 |
| Total number of identified leaks, thefts, or losses of customer data | 0 | 0 | 0 | 0 |
Klabin has an incident management process that addresses privacy issues, as well as a platform called Privacy Manager, which manages LGPD processes. The Company also has a complaints channel, confidential and mediated by a third party. The channel did not register complaints related to breaches of privacy and/or loss of customer data in 2023.
The Cybersecurity Policy and Primer are Klabin’s official documents that guide employees on the posture, good practices, and duties required to maintain an environment with a reduced risk against cyber attacks. All the content was developed based on the framework of the ISO27001 and IEC62443 standards, focusing on the following main topics:
1 – Information classification;
2 – Confidentiality and privacy;
3 – Work environment;
4 – Internet access;
5 – Social media;
6 – Email and communication apps;
7 – Intellectual property;
8 – Access;
9 – Backup;
10 – Incident.
Cybersecurity Management is headed by a Chief Information Security Officer (CISO), who is accountable to the Information Technology Board, which in turn is accountable to the Executive Board and the Board of Directors. The topic is included in the Company's risk assessment and all initiatives are guided by standards, frameworks, and legislation applicable to the segment, such as: IEC:62446, ISO27001, NIST, CIS, LGPD, Brazilian Civil Rights Framework for the Internet. All this governance was designed to support control initiatives in the quest to reduce cybersecurity risks and ensure the confidentiality, integrity, availability, and authenticity of information with an integrated vision of the administrative and industrial environment.
Cybersecurity is responsible for identifying, assessing and reporting legal and regulatory, IT and cybersecurity risks, while supporting and promoting business objectives. During the process of creating the cybersecurity journey, aligned with Klabin's strategic drivers and market references on security, an internal framework was developed that objectively addresses these challenges and supports the digital transformation.
Mission: to ensure the confidentiality, availability and integrity of Klabin's information through innovative processes and solutions that provide real results for the business and allow for the trust of customers, employees, society, and shareholders to be maintained.
Vision: to add value to the organization's image by increasing cybersecurity through efficient risk management with a focus on confidentiality, availability, and integrity of the information in the administrative and manufacturing environment.
The year 2023 confirmed the expectations of the escalation of attacks that affected various segments of society. In a volatile economic and political scenario, where practically everything, from banking transactions to factory monitoring, has become digital, companies seeking strategic advantages have come to rely on technologies such as artificial intelligence, cloud, telecommunications, and machine learning. In its process, Klabin establishes priorities based on risks and reinforces response strategies, cyber resilience, and unification of control technologies.
Updated and verified on: 22/12/2025