WesCEF - Information security and technology

Information security procedures and technology are key tools to protect WesCEF’s operational and information technology systems and networks from unintended disclosure of confidential, personal or sensitive information, as well as theft of or damage to hardware, software or electronic data.

WesCEF is committed to ensuring its systems remain reliable, stable and guarded against threat in line with industry standards. WesCEF undertakes continuous improvement initiatives each year to ensure the effectiveness of these systems and regularly tests them by performing internal assurance activities.

No significant cyber security incidents occurred during the 2023 financial year. WesCEF implemented several cyber security enhancements, including upgrading software used to inspect and block malicious websites or applications, improving the security and access to networks and monitoring unusual activities, and delivering monthly team member awareness campaigns on cyber security developments. A WesCEF cyber incident response exercise was conducted to test emergency response preparedness for scenarios such as ransomware and disaster recovery.

WesCEF also undertook a maturity assessment of its data governance program with a focus on securing customer data managed in its consumer-facing businesses. Due diligence was completed on a new enterprise resource planning system for the division and a multi-year replacement program of work has been approved. Progressing this program of work and managing the security of customer data will continue to be areas of focus for WesCEF in the coming year.

Cyber teams across the Wesfarmers Group continue to regularly identify and share best practice.