Kumho Tire defines the operational standards and compliance requirements for employees through internal information security policies and standard guidelines within the Information Security Management System (ISMS). This policy applies to all employees, all tangible and intangible assets owned by the company, and within the defined scope of the guidelines, it also covers visitors, contractual suppliers, and other personnel subject to business coordination and control.

Information Security Governance

The information security operation organization operates under the supervision of the Chief Security Officer, and in 2024, a dedicated team was established to strengthen company-wide information security. Enterprise security and site managers manage information security stably through regular and special information security diagnostics and post-response activities. Additionally, Kumho Tire continuously improves the information security management process to respond swiftly and minimize damage in the event of an information security incident.

Kumho Tire aims to prevent information security incidents by raising awareness of information security. To achieve this, Kumho Tire has set specific goals to conduct information security training at least once a year and to conduct information security audits at least twice a year. Kumho Tire plans to provide information security training tailored to the roles of information security officers and all employees, and to share clear information security guidelines to enable each business site to conduct information security audits.

TISAX Certification

Kumho Tire is proactively inspecting and improving the enterprisewide security system to obtain the TISAX certification, which is required by the automotive industry supply chain in Germany, Europe, and globally. Kumho Tire is identifying documentation and IT investment requirements company-wide to drive improvements and new investments. In 2024, Kumho Tire completed TISAX certification for a total of 9 sites, including major sites in Seoul, Gwangju, Gokseong, the European Technical Center (KETC), and the China Research Center (KCTC).

Information Security Audit

Kumho Tire conducts information security audits twice a year, semi-annually, under the supervision of the entire company and each business site. Kumho Tire has established a Security Information and Event Management (SIEM) for use in information protection system audits.

Vulnerability Check and Implementation of Improvements

Kumho Tire conducts regular diagnostic activities (special diagnostics as needed) and vulnerability checks for all sites at least once a year. The information security department implements improvements and preventive measures based on diagnostic results of potential security vulnerabilities and periodically reports the status of these improvements to the management.

Cybersecurity Investment

Kumho Tire is expanding its investment in information security systems, including cyber harmful site blocking systems and internet firewalls, to respond to increasingly sophisticated cyber threats. Kumho Tire utilizes the SIEM to collect, analyze, and report data, and has adopted the SOAR (Security Orchestration, Automation, and Response) solution to automatically classify response levels and standardize procedures for various cyber threats. We transparently disclose these investment details and our information security status as required by the information protection disclosure mandate overseen by KISA (Korea Internet & Security Agency).

Information Security Incident Response System

Kumho Tire classifies information security incident types and levels, and in the event of an incident, takes preliminary actions according to the manual by level, followed by cause investigation, evidence analysis, and response measures to prevent the spread of information security damage. In addition to deploying dedicated personnel, external experts are engaged when necessary to comprehensively assess the causes and issues to prevent recurrence and develop fundamental countermeasures.

System Failure Response System

Kumho Tire established a system failure response system in 2023 to respond quickly and effectively to system and networkrelated failures. When the IT operations team detects a system failure, they first identify the scope and level of the failure, analyze the cause, and ultimately resolve the issue. At each stage, IT personnel systematically report the situation to relevant teams and management.

Personal Information Management

IT Security Management Team has established and distributed policies and guidelines, managing and inspecting personal information protection. In 2023, Kumho Tire launched an ‘Easy-to- Understand Privacy Policy’ through summarizing and labeling key contents, achieving zero complaints regarding customer personal information protection violations and losses.

🔗Easy-to-Understand Privacy Policy

Personal Information Protection Compensation Liability Insurance

Kumho Tire is mandatorily subscribed to personal information protection compensation liability insurance. We prepare for the loss, theft, leakage, and damage of core information and personal data, minimizing risks related to information security incidents.

Conducting Cyber Hacking Simulations

Kumho Tire conducts hacking response training at least twice a year. In May 2023, we collaborated with KISA (Korea Internet & Security Agency) to train 357 employees in domestic sites on how to respond to and report hacking incidents. In December, Kumho Tire conducted a simulated malicious email drill for all employees, training them on appropriate response measures when receiving actual malicious emails.

Information Security Training

Employee Training

Kumho Tire conducts mandatory information security training for employees twice a year. The training covers topics such as protecting information assets, raising security awareness, and preventing losses due to information leakage.

Security Officer Training

Kumho Tire provides special training for security officers responsible for information security tasks. In 2024, Kumho Tire conducted training led by a professional IT security company to enhance security awareness and analyze the latest security trends, supporting the capacity building of security officers.