Better Health for All

CYAN AG's core business is cybersecurity solutions, which indirectly provide modest health benefits by protecting users from online threats, reducing stress and anxiety related to cybercrime, and safeguarding children from harmful online content. The company's products do not have well-established negative health outcomes. As a cybersecurity company, its products do not have direct safety implications for physical or mental health. In 2024, the company's R&D expenditure was EUR 3.0 million, representing a research and development ratio of 41.8% of its EUR 7.1 million group sales.

In 2022, R&D expenses were EUR 4.3 million, with a ratio of 49.1% of its EUR 8.5 million revenue. The company's privacy policy states that personal data is stored exclusively within the EU or EEA, and it implements physical, administrative, and technical safeguards to protect personal information. CYAN AG acts as a data processor for its cybersecurity solutions and has concluded Data Processing Agreements with all engaged sub-processors. The company's products, such as Child Protection, allow parents to set screen-time limits and manage access to inappropriate content, which can indirectly support mental well-being. PC Protection includes a web filter scanning for malicious web addresses and features to quickly scan devices for viruses, contributing to preventative online safety.

Fair Pay & Worker Respect

The company reported a Total Recordable Case Frequency (TRCF) of 0.53 per million hours worked in 2024, which translates to a Total Recordable Injury Rate (TRIR) of 0.106 per 200,000 hours.

There were zero lost time injuries and zero fatalities from 2020 to 2024. However, the median total remuneration gender pay gap for 2023-2024 was 49.1%, meaning women earn 50.9% of men's pay, attributed to lower representation of women in offshore, technical, and leadership roles. Women constituted only 0.3% of the offshore workforce globally in 2024. The company reported no known incidents of bribery or corruption during 2024.

Fair Trade & Ethical Sourcing

CYAN AG specializes in providing white-label cybersecurity solutions, focusing on software and services.

As a cybersecurity company, it does not procure or trade physical commodities, nor does it have a traditional supply chain that would require fair-trade certifications, sourcing audits, or involve materials with associated risks like conflict minerals. Therefore, the KPIs related to physical commodity sourcing, supply chain audits, and material risk are not applicable to its business model.

Honest & Fair Business

The company received a $487,000 fine from the SEC in October 2021 for violations related to disclosure controls and procedures following a cybersecurity incident.

It also faces a statement of charges from the NYDFS for cybersecurity regulations related to the same incident. The company has a Code of Business Conduct and Ethics that addresses anti-corruption, bribery, and the prohibition of payments to government personnel, and provides annual employee training on these topics.

Kind to Animals

No specific, concrete evidence was found in the provided articles regarding CYAN AG's performance against the 'Kind to Animals' value. discusses activities of 'Cyan Renewables' and its acquisition 'MMA', which are distinct entities with a different business focus (offshore wind, marine services) from CYAN AG (cybersecurity solutions) as described.

explicitly states that there is no mention of CYR.XETRA or CYAN AG. Therefore, no KPIs can be scored based on the available information.

No War, No Weapons

The company has no involvement in military contracting, controversial weapons, or small arms.

Its core business is cybersecurity solutions for mobile network operators and insurance companies, which are civilian markets. Yahoo Finance reports explicitly state "Military Contracting: No", indicating no revenue from arms or defense contracts. It also states "Controversial Weapons: No" and "Small Arms: No", which is third-party verified zero exposure to controversial weapons. Given the company's civilian business model, no specific ethical red lines related to weapons are needed.

Planet-Friendly Business

The provided articles focus primarily on CYAN AG's financial performance, operational progress, and strategic growth, including subscriber growth and market expansion. There is no specific, concrete data or mention of any environmental performance metrics, targets, or initiatives such as carbon emissions, renewable energy use, waste management, water usage, green building certifications, or climate-related disclosures.

Therefore, no KPIs related to Planet-Friendly Business can be scored based on the evidence provided.

Respect for Cultures & Communities

CYAN AG, a B2B cybersecurity company, has no reported formal partnerships with indigenous or local community groups, nor any reported cultural appropriation incidents, cultural impact assessment protocols, or community governance inclusion.

There is no evidence of investment in cultural preservation, FPIC participation, indigenous supplier engagement, cultural site protection, social license to operate, charitable giving to cultural organizations, community fund allocation, language inclusivity, cultural incident response, or cultural sensitivity training. Given the company's business model, many of these KPIs are not applicable.

Safe & Smart Tech

The company holds an ISO/IEC 27001 certification for its Information Security Management System.

For authentication security, the company offers security modules for PSD2 compliance, including face detection, fingerprint, and PIN authentication. However, there is no information on the percentage of services where multi-factor authentication (MFA) is available. Regarding regulatory compliance, the company highlights its PSD2 compliance, but no other specific regulatory compliance details are provided, and there is no mention of compliance with broader regulations like GDPR or CCPA.