Updated 15.2.2024
Risks related to health, safety, and environmental hazards
Occupational health and safety systems, training programmes, travel health and security instructions, and crisis management guidelines are aimed at protecting Wärtsilä employees. Appropriate insurances are in place for the personnel. To emphasise the importance of employee safety, the Board of Management has decided on a corporate level target of zero losttime injuries, which is included in the company’s sustainability programme.
Environmental management systems are in place to mitigate environmental hazard risks. Wärtsilä maintains a register of all properties used and gives guidelines for the purchase, sale, rental, and security of premises, and uses external advisors for environmental audits.
Climate change poses a variety of impacts on Wärtsilä throughout our supply chain, our own operations, and our customers’ needs. These include potential physical risks to our sites and employees, mainly as a result of increased global average temperatures, and the increased frequency, as well as intensity of heatwaves and flooding due to extreme precipitation events.
Wärtsilä assumes a modest climate change impact risk on its main production facility in Finland and warehousing facility in the Netherlands as these are not located in the natural disaster areas of extreme weather events, earthquakes, and wildfires. Certain smaller sites have a higher risk of physical effects, although they do not represent an overall major financial risk to Wärtsilä. More information can be found in the Sustainability section of the Annual Report.
Catastrophic peril related scenarios are identified and, where necessary, risks are mitigated by, for example, elevating sites above flood risk levels, or by constructing flood dikes. Business impact analyses and continuity plans have been carried out for the main sites to address property damage and business interruption risks. When delivering customer projects in locations with possible extreme weather events, Wärtsilä pays very careful attention to the wellbeing of its employees and subcontractors, and plans operations accordingly.
Cyber and information security related risks
With the rapidly growing use of data in shipping, shipbuilding, and in the energy markets, cyber threats can potentially result in various forms of financial, operational, or reputational damage to the business.
Wärtsilä has an internal organisation dedicated to the effective management of cyber security risks throughout the Wärtsilä Group. This organisation, in cooperation with Wärtsilä’s businesses, delivers strategic and operational support for cyber security. It also provides the associated governance, risk management, and assurance required to support and enable safe and secure internal operations, while aiming to ensure that the businesses’ customer offerings are aligned with all relevant current and future regulations and applicable standards.
The Wärtsilä cyber security governance model is closely aligned with overall business risk management and supports the businesses and support functions in identifying and prioritising their respective cyber security risks. The cyber security team works with security colleagues across Wärtsilä to ensure the effective and coordinated delivery of holistic security solutions, for both the cyber and physical domains.
Information security risks related to Wärtsilä’s internal operations are continuously identified, analysed, and evaluated. The attendant mitigation activities are executed throughout Wärtsilä’s networks, endpoints, systems, and services. The 24/7 Wärtsilä Security Operations Center continuously monitors the perimeter to internal systems and closely observes the external threat exposure level, whilst providing a coordinated response to identified information security incidents, as and when they may occur.
The effective mitigation of risks associated with cyber security hygiene throughout Wärtsilä is continually and progressively reinforced through coordinated and complementary cyber security training, awareness initiatives, and extensive communications. This involves all Wärtsilä businesses and corporate functions.
Wärtsilä has identified the need to mitigate the cyber security risks associated with its supply chain. The company has addressed this need through a comprehensive risk-based thirdparty risk management programme, involving both increased opportunities for the remote and objective assessment of suppliers, as well as the continuous monitoring of supply chain cyber security risk.
It should be noted that Wärtsilä has achieved numerous cyber security certifications and is in the process of further aligning with international standards and certifying the cyber security of its processes, products, and solutions.
Privacy and data protection risks
The EU’s General Data Protection Regulation (GDPR) sets out the general framework for Wärtsilä’s data protection, which is applied both inside and outside the European Economic Area. Data protection implementation is supported by, and aligned with, Group-wide privacy policies and processes.
Wärtsilä applies a risk-based approach to privacy and data protection and continues to take further actions to strengthen privacy and data protection implementation to mitigate risks by accountability, privacy by design, data minimisation and transparency.
Wärtsilä continuously improves employee data protection awareness with mandatory data protection (GDPR) training, targeted training sessions, communication activities, as well as comprehensive guidance materials. Wärtsilä continues to invest in the development of data protection platforms to support data protection management and implementation.
Insuring of the risks
The risks that Wärtsilä is unable to influence through its own efforts are transferred, whenever possible and desirable, to insurance companies. The insurability of a risk requires that the damage can be considered as an abrupt, sudden and unforeseen event.
Wärtsilä uses appropriate insurance policies to cover indemnity risks related to its personnel, assets, and business interruptions, including supplier triggered interruptions, as well as third-party and product liability. Wärtsilä has its own captive insurance company, Vulcan Insurance PCC Ltd for insuring Wärtsilä’s own risks. For re-insuring purposes, the company is located on the island of Guernsey. Vulcan Insurance PCC Ltd’s results are consolidated into the corporation’s books and are subject to normal taxation in Finland.