ÖBB Annual Report 2023

Group Management Report 162 Österreichische Bundesbahnen-Holding Aktiengesellschaft Consolidated Financial Statements | Group Management Report 117 Key figures at a glance 2023 2022 Public Safety Index "ÖSX 137.9 130.9 Assaults / assaults against train attendants / service and control team employees / and ÖBB- Operative Services GmbH & Co. KG employees 347 *) 360 without injury 265 *) 285 of which at the station 21 23 of which at the train 244 262 with injury 82 75 of which at the station 26 22 of which at the train 56 53 Thefts from customers / travellers 2,745 2,264 Property damage ÖBB 3,172 3,748 *) Figures may differ from the previous year due to subsequent reporting in the current year. Note: Property damage instead of non-ferrous metal thefts, as these are already at a negligible level. Damage to property (graffiti and vandalism) decreased in 2023 compared to the previous year. This is due to the fact that the sensitisation of staff and the quality of reporting having been significantly expanded and improved. The intensive cooperation with the executive has also led to a reduction in the numbers. Police patrols have repeatedly stopped and arrested offenders caught committing offences. Technical surveillance using video towers in the parking facilities and the occasional deployment of security staff with the support of a service dog also had a positive impact. An increasing trend is also evident in the area of thefts from travellers in trains and stations. This is partly due to the increase in passenger numbers and a change in the reporting system. The police now report thefts directly to ÖBB as part of reports and video analyses, which means that these incidents are now also included in the overall statistics. This additional reporting source and the knowledge of the thefts enables the police to initiate appropriate countermeasures in close cooperation with ÖBB’s public safety department. For example, specific special patrols and priority actions were conducted by the police at selected railway stations and trains. The deployment of security personnel in trains and at stations was also increased on an ad hoc basis. Video surveillance systems at railway stations and in trains are also an important component in combating this area of crime. Information security Information security is fundamental to the existence and future success of the ÖBB Group. It includes ensuring the protection objectives of confidentiality, availability and integrity for all digital and analogue information, taking into account the relevant regulatory requirements. One of the core tasks is to define the information security strategy and establish guidelines across the entire group. This is designed to create the framework conditions for a uniform approach to information security throughout the Group. In 2023, a new multi-year Group-wide information strategy was formulated, targets defined and important measures and new initiatives launched. In the interests of efficiency, measures are developed and implemented throughout the Group, as is the case with awareness measures, for example. Parts of the Group have undergone external audits and have achieved recertification or initial certification of their information security management system in accordance with ISO 27001. Parts of ÖBB are already subject to the current NISG (Network and Information System Security Act). At the same time, NIS-2 (EU-wide Network and Information Security Directive) will expand the scope of application and requirements, for which the Group companies are already preparing. Embedded in “PROTECT”, the topic is dealt with in a structured manner, including the expansion of internal expertise. As part of the Target Operating Model (TOM) of information security, key resources are successively onboarded. Key figures at a glance 1) 2023 2022 Number of spam e-mails in millions 95 87.5 Number of virus attacks 5,974 2) 8,189 1) Incidents in Austria and international subsidiaries. 2) Measures such as the establishment of a Security Operations Centre and Cyber Defence Centre in the ÖBB Group, as well as increased awareness measures have been continuously initiated (newsletters, phishing campaigns, clean desk checks etc.) to prevent virus attacks since 2021. Microsoft’s Endpoint Detection and Response solution was also successfully implemented in 2023 | MR117