>55 training sessions on cybersecurity
0 noteworthy cybersecurity incidents
Metrics Definitions and Methodology
The measurement of all metrics below is validated by an external body during the yearly ISO 27K audit assessments to evaluate the effectiveness of the implemented ISMS operations.
The number of training sessions on cybersecurity refers to the number of training sessions, e-learning programs, and email phishing awareness campaigns conducted, and to the number of MyNews and blog articles released. These vary in frequency depending on the training subject – from monthly (e.g., for new hires) to annually (mandatory e-learning).
The number of noteworthy cybersecurity incidents refers to incidents defined by given legal conditions (from the Network and Information Systems Directive) which OMV, as a critical infrastructure provider, is obliged to report.