Cyber Security

At JSW Steel, we have implemented a comprehensive cybersecurity framework to protect sensitive corporate data and operational technology (OT), ensuring integrity, confidentiality, and availability of information assets. Led by the Chief Information Officer, our approach includes ISO 27001:2013 compliance, next-generation firewalls, unified threat management systems, and the Purdue model for secure IT-OT communication. We conduct regular vulnerability assessments, penetration testing, and cloud security risk reviews, alongside continuous monitoring and phishing simulations. Advanced measures such as dark web monitoring, Endpoint Detection & Response (EDR), Network Access Control (NAC), and multi-factor authentication (MFA) for critical services strengthen our defenses. Additionally, we subscribe to cyber insurance, deploy DDoS prevention mechanisms, and run awareness programs across all locations to mitigate evolving threats. These initiatives collectively enhance resilience and safeguard business continuity in an increasingly digital world.

Our Approach

Cybersecurity is pivotal in fortifying our digital infrastructure against evolving threats. Guided by a proactive strategy overseen by our Chief Information Officer and the Risk Management Committee of the Board, we ensure robust protection for our operations.

Comprehensive Risk Management

We conduct rigorous assessments to identify and mitigate vulnerabilities and breaches, safeguarding our critical assets and information

Adherence to industry standards

Aligned with ISO/IEC 27001:2013 and other best practices, our cybersecurity framework ensures resilience and compliance

Policy-driven security

Our Cyber Security Policy, delineates responsibilities and protocols, fostering transparency and accountability

Continuous enhancement

Through ongoing upgrades and proactive measures, we stay ahead of emerging threats, bolstering our cybersecurity infrastructure

We conduct regular vulnerability assessments, penetration testing, and cloud security risk reviews, alongside continuous monitoring and phishing simulations. Advanced measures such as dark web monitoring, Endpoint Detection & Response (EDR), Network Access Control (NAC), and multi-factor authentication (MFA) for critical services strengthen our defenses. Additionally, we subscribe to cyber insurance, deploy DDoS prevention mechanisms, and run awareness programs across all locations to mitigate evolving threats. These initiatives collectively enhance resilience and safeguard business continuity in an increasingly digital world.

About us

Our Offerings

Overview

Financial Information

Governance and Regulatory Information

Investor Information

Sustainability

Environment

Social

Governance

Careers

Our Approach

Comprehensive Risk Management

Adherence to industry standards

Policy-driven security

Continuous enhancement