The following is an excerpt from the 2020 CSR Impact Report.
Cisco’s networking, security, collaboration, and cloud solutions help secure and protect the lifeblood of the global economy.
More than 80 percent of the world’s web traffic travels securely across Cisco connections, and our software and solutions protect and keep private the data of over 500,000 organizations, from the public sector, to critical infrastructure, to the Fortune 500.
Given the critical nature of the solutions we provide, holding ourselves to the highest standards of a trustworthy, transparent, and accountable company is vital. This requires us to design solutions with security and privacy embedded from the start, and to be constantly vigilant against intrusions and misuse. It also requires applying global principles of human rights to supplier selection; the design, manufacturing, and sale of our solutions; and working to integrate a human rights perspective across Cisco’s global business.
Earning and upholding stakeholder trust goes beyond the integrity of solutions and networks. It also speaks to our financial transparency and high standards of ethical conduct. Cisco has forged trusted relationships among global stakeholders and has appeared on awards lists such as the World’s Most Ethical Companies and the Just 100.
Our business—and our world—are undergoing rapid change. As we evolve in response to emerging customer needs, we’ll continue to connect everything securely, privately, and responsibly, so that anything is possible.
How we engage
As organizations and individuals worldwide become more reliant on technology, there are more opportunities to connect and collaborate—but also more risks. Users are sharing increasing amounts of data, such as health records, banking information, and critical business files that are stored and transferred between a growing number of websites and applications. Data is a vital asset of business today. It must be managed with tools, processes, and policies that enable security and privacy across the entire business ecosystem.
Since our founding in 1984, security and privacy have been priorities for Cisco. As we have transitioned to provide more software-based solutions, having a strong security and privacy foundation has become more critical than ever. We’ve committed to invest across people, policies, processes, and technology to support the security, privacy, and resilience that leads to customer trust.
Initiatives to enable progress
Through awareness, workforce training, and education, we ensure that every Cisco employee understands their role in the security and privacy equation. By creating a collective sense of responsibility and ownership, we protect ourselves, our enterprise, and our customers, helping enhance security and privacy worldwide.
We educate employees through SecCon, our annual internal security conference, regularly held in multiple locations worldwide (with a virtual conference in 2020). We also keep risk mitigation top of mind with the Keep Cisco Safe campaign. Beginning in 2017, this campaign introduced a group of animated monsters representing a range of cyberrisk, security, and privacy concepts. Using digital signage and interactive training modules, we engaged and broadened awareness among 97,000 employees and contingent workers. This led to a spike in reported incidents to the Data Protection and Privacy response team, indicating a better understanding and proper reporting of risks. The campaign was named a gold winner in Info Security Product Guide’s 2020 Global Excellence Awards.
End-to-end security and privacy
Cisco embeds security and privacy by design and default with our Secure Development Lifecycle (SDL), a repeatable and measurable process that is now unified across all solutions and services we offer. This combination of tools, practices, and awareness increases the resiliency and trustworthiness of Cisco solutions throughout their lifecycles. New solutions are not released to customers until security and privacy requirements are embedded and confirmed.
We hold ourselves accountable for resolution of security and privacy incidents. When issues arise with Cisco’s solutions, our global Product Security Incident Response Team (PSIRT) responds swiftly, using a playbook with documented resolution procedures. When security or privacy incidents occur, our Computer Security Incident Response Team (CSIRT) and/or our Data Incident Response Team (DIRT) kicks into gear. These 24/7 teams perform comprehensive incident investigation and prevention through threat assessment and detection, mitigation planning, incident trend analysis, and security architecture review.
We are committed to transparent disclosure and education of customers on security and privacy topics. Cisco releases a Transparency Report every six months to document the data requests we receive from law enforcement and national security agencies around the world. Additional documentation on the Trust Portal illustrates our thought leadership on security, privacy, and trust. Our Principled Approach to Government Requests for Data outlines how we protect the privacy of our customers when responding to government demands for data.
Transparency extends to our solutions: our Transparency Service Center enables customers to inspect and test Cisco source code and other intellectual property—including hardware, software, and firmware—in dedicated, secure Cisco facilities. Customized engagements are tailored for customers to verify that Cisco provides trustworthy solutions.
To learn more about the progress we’re making to power a more inclusive future through CSR, visit our Cisco ESG Reporting Hub, where you can read our CSR Impact Report.