Security Governance at Prosus

Our businesses generate most of their revenue through platforms. Our platforms operate in the e-commerce sector and have the personal information of billions of users. We are committed to ensuring our businesses and the platforms they operate are sustainable and resilient, so they can continue operating long term and recover fast if disrupted.

For the group, cyber security is considered high on our list of material matters, particularly from a double materiality perspective: to the business and to our customers. Given the importance of cybersecurity to our businesses, we focus on 3 objectives:

  • Secure: Implementation and maintenance of strong cybersecurity, so attacks are stopped, and any breach is quickly detected and addressed with the minimum impact.
  • Available: Enhancing the resilience of our platforms and systems, so they are available 24/7 and provide consistent levels of service.
  • Growth: Ensuring the platforms are built on top of a solid technology stack so they can scale and innovate fast.

Our Cyber Team supports the businesses to achieve these objectives. The team sits within the Risk and Audit function that reports directly to the board and serves as a center of excellence for the group.

Prosus Security Governance
Risk committee

The cyber team provides a technology risk report to the risk committee twice a year. This report includes a comprehensive overview of the key risks in the group, challenges and major incidents.

Group CFO

The head of cyber meets with the Group CFO twice a year to review tech risks, and whenever management intervention is needed or upon request.

The technology risk review is where major issues, the focus for the months ahead, and any notable incidents are discussed. This report enables the CFO to monitor how quickly and effectively businesses resolve risks identified by the cyber team. This in turn forms part of the report provided to the risk and audit committees.

Legal and IP

As part of incident and crisis response activities, the cyber team collaborates closely with the Prosus legal team, as well as with the intellectual property team, who are responsible for infringement and notice and takedown operations.

ESG Team

Cyber security is one of the key ESG topics at Prosus. The Cyber KPIs are aligned with the Prosus ESG KPIs and we report on them as part of the annual report.

Privacy Team

The Cyber team collaborates closely with the Privacy team on regulatory topics, such as GDPR, NIS2 and country-specific regulations, to ensure we remain compliant.

Comms Team

The Cyber team collaborates with the communications team when it shares updates and threat intelligence internally and externally.

Cyber team
Cyber Community

The cyber team nurtures a community of 200+ security professionals across the portfolio, and regularly organises conferences, competitions and sharing sessions.

Business Head of Security

The cyber team works closely with the CISOs from the businesses to address major incidents and support them with the development of their roadmaps. The business CISOs help the cyber team execute on the group-led initiatives.

Cyber steering committee

Monthly, the cyber team hosts two steering committees. The CTO call includes the business CTOs, and the scope is the broader technology risks and trends they see within their business.

The CISO call includes the business CISOs and heads of security, and focuses on sharing emerging threats, threat intel, incidents and best security practices.


Cyber security policy

Together with the businesses, the cyber team updates the group cyber security policy, which is then approved by the board.

In line with the Prosus governance framework, the policy cascades to the underlying controlled businesses, giving them ultimate responsibility for ensuring they implement strong cybersecurity in line with their own operations.

Security risks are part of the broader technology risks at Prosus

The platforms support our businesses to grow; they run 24/7 and are secure and safe for our customers. We use the Prosus Tech Framework to define the key competencies that we nurture and regularly assess across the businesses.

Grow

One of our competitive advantages is the ability to innovate fast through our platforms. The platforms are built using data-driven insights, on solid foundations, and allow quick and agile adjustment to the changing customer needs.

Available

Our customers use the platform 24/7. They expect the platforms to be available, and all services that contribute to the customer journey to run without degradation.

Secure

Our customers are safe when using our platforms. We ensure their data is secure and the platforms are free from malicious software.

Our internal systems (Business IT) enable the businesses to run in a secure manner and safeguard the integrity of our transactions and reporting.

Competence areas

  • Artificial Intelligence (Ai): The business leverages AI technologies to unlock platform capabilities and features. These technologies provide a competitive advantage.
  • Product design (Pd): The platform architecture allows adoption of innovative features and services, and easy deployments to new markets.
  • Data analytics (Da): A business can capture how customers use the platform. The data is captured securely, in a compliant manner, and used in decision making.
  • Cost Management (Cm): The platform is architected to make use of resources efficiently, and insights per team and platform components are used to optimize the tech expenditures.
  • Software Development (Sd): The platform is developed using the right coding, testing, security and debugging technologies. Dependencies are well managed.
  • System Architecture (Sar): The software stack and the underlying infrastructure are well architected and allow the platform to scale fast and be easy to maintain.
  • Scalability (S): Platforms can meet demand and scale economically. The platform remains stable and limits degradation under (un)expected demand.
  • Observability (Ob): The business monitors early indicators of failure, and fault-tracing capabilities contribute to maintaining a reliable platform.
  • Reliable Operations (Ro): Failure of platform services and operations is inevitable, and the platform is designed in a fault-tolerant way to self-heal and recover services and operations quickly.
  • Incident & Crisis management (Ic): The business has plans detailing how to handle a cyber incident and the team knows how to apply them. A crisis management plan is in place and management knows how to apply it.
  • Backup Management (Bm): The critical business and technical information is backed up and readily available in case of a disruption.
  • Security & Awareness (Sa): The business helps the employees and third parties to understand the cyber risks.
  • Asset Management (Am): The business is aware of its IT and data assets and makes sure they are secure (e.g. through hardening and patching).
  • Identity & Access Management (Ia): The business provides least-privileged access only to authorised employees and third parties. Access is updated/changed and reviewed regularly.
  • Risk Management (Rm): The business is knowledgeable about the cyber risks and the risks are managed in line with risk appetite.
  • Threat Intelligence (Ti): The business works together with the group or external sources to proactively identify external cyber-attacks.
  • Security Monitoring (Sm): The business proactively monitors the IT environment for potential cyber-attacks.
  • Log Management (Lm): The business maintains logs of security related system events.
  • Abuse Prevention (Ap): Platform features are designed to limit abuse. The residual abuse cases are detected and actioned quickly by accurate monitoring.
  • Brand Protection (Bp): Platform features are designed to ensure our trademarks, such as domains and websites, are protected and not abused by third parties.

  • Innovation: Our platforms are agile, data-driven and leverage new technologies that contribute to business growth. They allow the businesses to iterate and innovate faster than the competition.
  • Quality: Our platforms are well-architected and reliable.
  • Availability: Our platforms are reliable and resilient from service degradation. Our Business IT is dependable.
  • Security: Our platforms and BIT are secure, and we can quickly identify and respond to a cyber-attack. We can ensure the communication and information on our platforms is trustworthy, genuine and correct.
  • Safety: The platform is safe to use by our customers. Abuse and fraud protections ensure the safety of the customers.

The cyber community

We cultivate a strong cyber community. We have an online workspace for security professionals to discuss trends and risks, and co-ordinate responses to incidents. Below are some of the regular activities we organize for the community.

Cyber Labs

Cyber Labs are 1-2 day workshops hosted in our key regions, such as Brazil, South Africa, India and Europe. During these events, the security teams from the region share the output from their latest business initiatives and best practices.

CTF events

CTFs are hacking events open for all security teams within the group to compete and showcase their technical offensive skills.

Cyber Academy

The cyber academies are online events where the security teams from the businesses share best practices with the rest of the community.

Cyber Awareness

Annually, but also based on emerging trends, we organise awareness sessions for all the employees in the group. These sessions are driven and delivered through the cyber community.


Report a vulnerability

If you have discovered a security vulnerability in our environments, please report it via our disclosure form on the BugCrowd platform or directly at [email protected]. Please provide us with sufficient details so that we can easily reproduce the vulnerabilities you found.