Cybersecurity

In the context of increasing digitalization and the adoption of artificial intelligence tools, cybersecurity has become a critical governance priority.

Strategy

The company operates under an enterprise-grade security approach aligned with international standards such as the NIST (National Institute of Standards and Technology) framework. This cybersecurity strategy is also based on ISO 27000 standards, is preventive in nature, and is structured around three key pillars:

People - Technology - Processes.

Grupo Lamosa’s cybersecurity strategy is led by the Information Security Committee, responsible for establishing and implementing a governance framework and control environment focused on information protection. The committee includes the Chief Financial and Administrative Officer and representatives from the company’s business units and corporate functions, and is led by the Information Technology Department.

Additionally, the company has a Corporate Information Security, Risk Management and Confidentiality Policy, which defines the guidelines necessary to ensure the proper use and protection of Grupo Lamosa’s data and assets. During 2025, this policy was reviewed and upgraded to align with the NIST CSF 2.0 framework, incorporating stricter controls over data protection and business continuity.

Culture

The Information Security Program is a key pillar of the company’s cybersecurity strategy and integrates robust controls to protect systems, information and corporate devices, as well as ongoing training and awareness programs for employees.

During 2025, key initiatives focused on:

Enhancing the technological cybersecurity posture, through the implementation of advanced controls for internet-facing applications and upgraded protection of operational technology environments and industrial networks.

Strict access management and protection of critical information, including mandatory multi-factor authentication, automated audits and protocols for the secure use of generative artificial intelligence.

Development of organizational cybersecurity capabilities, through continuous training programs and awareness campaigns which reached more than 83% of employees in 2025.

Incident prevention and detection, through penetration testing, social engineering simulations and continuous monitoring, maintaining risk indicators below industry averages and without any significant information security incidents reported.