Enabling People Flow with cybersecurity

Cybersecurity at KONE is a strategic enabler of trust, innovation, and more sustainable urban living.

Security you can trust

Security and safety are embedded by design across our products, services, and operations, guided by global standards and continuous improvement.

As we drive digital transformation with our customers, safeguarding data and ensuring the integrity of connected services are essential. We implement robust cybersecurity measures and maintain digital trust through transparent data practices, secure platforms, and continuous threat monitoring. 

 

By embedding security into everything we do, we help customers operate with confidence, unlock new value from services, and shape smarter, safer cities in the future together.

Man and boy in elevator

Cyber Resilience Act

KONE is fully committed to meeting the new cybersecurity requirements introduced by the CRA as part of KONE’s wider cybersecurity commitment.

Cybersecurity stories

  • Hackers on a computer

    The invisible shields of urban life

    KONE’s Chief Information Security Officer, Petteri Rantanen, talks about the shifting landscape of cybersecurity and how to build cyber defenses.
  • City at night

    How ethical hackers make KONE products and services safer

    Ethical hacking is a necessity in today's world as cyberattacks led by black hat hackers have increased sharply.
  • Metro station

    Elevators and escalators just got safer – thanks to a new cybersecurity standard

    ISO 8102 is the first ever cybersecurity standard for elevators, escalators and walkways. KONE played a key role in creating this standard for ever-more-secure digital ecosystems.

KONE maintains technological and organizational measures to protect solutions, networks, devices, and information from unauthorized access or criminal use and to ensure the confidentiality, integrity, and availability of information.
 

Governance: KONE has business driven security governance, defined security management system, incl. security policies, processes, guidelines, and monitoring and metrics to follow security performance throughout KONE's business operations.​ ​


Asset Management: 
KONE maintains an asset inventory of technology assets, such as applications, platforms, servers, workstations, and mobile devices. The asset inventory includes the asset lifecycle, owner, and criticality. The assets are disposed of in a secure and sustainable manner. ​


Information Protection:
 KONE uses information classification to ensure information is protected in accordance with its importance. The protection measures include access controls, cryptography, data masking etc. ​


Identity and Access Management:
 KONE’s IAM controls enable the right individuals to access the right resources at the right times for the right reasons. All KONE employees, externals and customers have a unique identifier to separate them from other users. The User IDs must be coming from identified master data systems and have a lifecycle. ​


Application Security:
 KONE’s secure development lifecycle ensures that application security requirements are identified early in the lifecycle. ​


System and Network Security:
 The outgoing internet traffic in KONE network is secured by cloud-based proxy solution, on-premise firewalls on larger locations and/or by central firewalls in regional hub locations. ​


Secure Configuration:
 KONE requires hardware, software, services, and network configurations to be hardened according to the best security practices, for example using the Center of Internet Security’s (CIS) benchmarks. ​


Threat and Vulnerability Management:
 KONE’s vulnerability management process defines how the vulnerabilities are identified, remediated and reported. KONE uses Centralized Vulnerability Management System (CVMS) to process vulnerability information from various sources. Regular vulnerability scans cover internet-facing services and infrastructure. Penetration tests are conducted on a case-by-case basis for prioritized solutions, including IoT devices. ​


Information Security Event Management:
 KONE’s Security Operations Center (SOC) monitors Security Information and Event Management System’s (SIEM) logs, analyzes events and detects and responds to security incidents. The SOC operates 24/7. ​ ​


Human Resource Security:
 Reference and other background checks are performed to ensure the candidate is eligible and suitable for the role for which the candidate is considered. All employees are enrolled to regular, role-based cybersecurity training program.​ ​


Physical Security:
 KONE premises are classified based on a risk assessment. The classification sets the minimum amount of physical security requirements that must be implemented at the site. All KONE premises have physical security perimeters and physical entry controls. ​


Supplier Relationships Security:
 KONE has global and unified supplier segmentation model which includes identifying supplier cyber risk profile. Based on the supplier cybersecurity profile, KONE defines mandatory security requirements. ​ ​


Legal & Compliance:
 KONE monitors the legal, statutory, regulatory, and contractual requirements impacting KONE and our products and services offered to customers. KONE is actively participating in industry standardization work, such as ISO 8102-20:2022 Electrical requirements for lifts, escalators and moving walks — Part 20: Cybersecurity. ​


Continuity: 
KONE Business Impact Assessments set the requirements for recovery time objectives (RTO) and recovery point objectives (RPO). The solutions with high criticality require a documented Disaster Recovery Plan (DRP) which is regularly rehearsed. KONE has requirements towards backup management and capacity management which support KONE’s continuity objectives. ​


Information Security Assurance: 
KONE has an annual internal audit program for security and a KONE-wide process and supporting system to manage corrective actions. KONE has IEC 62443 4-1 certification for secure development lifecycle. External security audits and assurance are conducted regularly.Read our Cybersecurity management principles here

Our cybersecurity standards and certifications

Secure and reliable products and services

Cybersecurity at KONE goes beyond protecting systems. It enables regulatory compliance, supports sustainable innovation, and ensures that every elevator journey, service interaction, and data exchange is grounded in trust. Our practices, aligned with global standards such as ISO 27001 and IEC 62443, reinforce that trust every day. 

  • Women in an escalator

    Report a security issue

    If you discover a potential security vulnerability regarding our solution, please let us know. You can use PGP public key to encrypt your email. We investigate all valid reports and contact you for further information if needed.

  • City view

    Cybersecurity Policy Statement

    We design our solutions and processes to enable us to conduct our business in a secure and sustainable manner and consistently apply the KONE cybersecurity management system in all our activities.
  • Kids playing with toy airplanes in the city

    Sustainability

    Cybersecurity is one of the pillars of sustainability at KONE and is key to ensuring a safe and livable urban future.