Digicel is deeply committed to ensuring robust cyber and information security across our global enterprise. As a provider of critical national infrastructure, we understand the importance of delivering world class ‘always-available’ services, and safeguarding our information and the information entrusted to us by our customers. Cyber-attacks occur every day and are constantly evolving.  As a digital operator for connectivity, entertainment, and communication services we also face unique, sophisticated attacks that target the industry for telecom carrier networks and internet service providers (ISPs).

Over recent years, the volume of cyber-attacks across the Caribbean has been increasing and our 10M+ customers use and rely on Digicel’s products and services every minute of every day. Because of this, we make the security of our network, systems, and data a top priority. We embed a culture of security in our company’s DNA so that it is a part of everything we do, and it’s driven from the highest levels within our organisation.

We have developed and implemented an information security management system (ISMS) that adheres to international information security standards and best practices to ensure that we have a comprehensive framework for planning, managing, and governing how our information is kept secure. Our ISMS ensures that we continuously identify our risks and have well defined controls and mitigations in place to manage these risks.

Digicel employs an in-house team that is dedicated to cyber security and focused on architecting security by design for our new and existing systems and service deployments. This cyber security team uses industry leading security tools to constantly monitor, defend and mitigate cyber threats to protect our network, data, and customers. They also do this alongside top, leading international third-party experts in the cyber field worldwide.

Digicel’s extensive scope and operational breadth across the Caribbean and Latin America enables us to retain the best cyber talent, have the Caribbean’s most mature security operation with also ultimately the most visibility on existing and emerging cyber threats in the region. Our commitment and investment to cyber security ensures that we and our customers benefit from the industry’s most advanced cyber protection.

Overall, our approach to cyber security is to minimise the risk of having a cyber incident that affects our networks, services, data, customers, and employees. As such, understanding the threat landscape and our risks is constantly evaluated. We conduct regular reviews and assessments, and mandate that all our employees do annual security awareness training.

Our commitment to upholding information security best practices and industry standards is not just “word-of-mouth”. Digicel is best in class in everything that we do, and for information security we strive to comply with the highest standards.

Since 2021, Digicel’s information security programme led by our Group Security team is independently evaluated and audited every year by international assessors to ensure that we maintain the International Standard Organization’s ISO 27001 requirements for information security. We comply with relevant laws and requirements, collaborate with national cyber response teams, law enforcement, and actively contribute to consultations and debates to improve and assure cyber security in the sector and across the Caribbean.   

As a provider of critical national infrastructure across 24+ countries, Digicel detects, blocks, and mitigates millions of cyber-attacks every day that threaten to disrupt or impact our services and customers. Even with robust cyber protections and controls, no organisation is immune all the time to the impact of an attack. As such our dedicated Group Security team has a well-documented incident response plan (IRP) and playbook for when an unwanted event occurs. The IRP is regularly reviewed and tested to ensure that our responders have rapid risk mitigation capability and effectiveness. If an attack occurs, Digicel recognises the importance of having the right people involved for the situation, knowing what to do, when to do it, and capable to do it. This includes engaging and notifying with key external parties including regulatory bodies, law enforcement, and of course any of our affected customers.

The Director of IT Security is a member of the Digicel Crisis Management and Business Continuity Committee, and actively participates on disaster recovery planning and objectives.