Skip to main content

Other central activities

Information technology and cyber security

Digitalisation is a key success factor in delivering Shell's Powering Progress strategy. Shell is transforming its IT systems to support its evolving portfolio of businesses. We invest in new technologies, such as artificial intelligence and machine learning, to enhance our IT capabilities and bring value to the business.

The growing dependence on IT and data brings risks. A breach of IT systems or loss of data could cause significant harm to Shell in the form of loss of productivity, loss of intellectual property, regulatory fines or reputational damage. Sanctions, including regulatory fines, might be imposed on Shell if authorities find Shell in breach of cyber security or data protection regulations. Cyber security is key to managing those risks, especially in today's increasingly regulated environment where cyber threats are growing.

Shell operates a multi-level defence strategy, underpinned by the Shell Performance Framework. Our advanced cyber defence capabilities help us prevent, detect, respond to and evolve as cyber security and data privacy risks become more complex. We continuously assess and, where relevant, improve these capabilities to reduce the likelihood of successful cyber attacks.

Our global integrated Information Risk Management (IRM) and cyber defence teams are staffed with cyber security professionals that monitor, assure and defend our global IT landscape. The combined Global Functions Chief Information Officer and Chief Information Security Officer (CISO) roles were split as of November 1, 2023. This resulted in a dedicated CISO role within Shell's Information & Digital Technology (IDT) leadership.

Cyber security risk management

Our cyber security capabilities are embedded in our IT systems and our IT is protected by various detective and protective technologies. A structured approach to identify, assess and mitigate IT and cyber security risks is built into our support processes and aligns with industry best practices. We continuously track cyber attacks, threat intelligence and vulnerabilities in our IT landscape and have an established incident management and escalation process in place. The security of IT services, where operated by external IT companies, is managed through contractual clauses and additionally through formal supplier assurance reports for critical IT services. Shell engages an external party to perform periodic benchmarking of Shell's approach to cyber security risk management in comparison to industry and peers. We develop our cyber security capabilities, based on external dynamics, benchmarking outcomes and assurance results and take a risk-based approach in our investment decisions related to cyber security risk strategy. Shell's first line of defence is formed by a workforce that is trained to be cyber security aware. In 2023, our annual safety day included cyber security awareness raising. Robust governance processes are embedded across Shell to increase cyber awareness, monitor key cyber risks, and provide risk assurance. Our IRM practices and cyber security risks and strategy are regularly discussed by and among our CISO, Shell's Information and Digital Technology leadership, the Executive Committee, the Audit and Risk Committee and the Board of Directors. These discussions involve consideration of changes in the external environment, how Shell is responding to cyber security risks and implementation of further remedial actions as appropriate. In 2023, these discussions were supplemented by dedicated deep dives into areas such as the emerging risks and opportunities associated with generative artificial intelligence. Shell employees and contract staff are required to complete mandatory training courses and participate in regular awareness campaigns aimed at protecting us against cyber threats. Shell has reported incidents in 2023 to regulatory authorities in several jurisdictions. None of these had a material impact on Shell, including its business strategy, results of operations, or financial condition.

The IRM and cyber defence leadership teams involved in monitoring and managing our cyber security threat risk and assurance process have an average of around 25 years of experience. This group is led by our CISO, who has more than 20 years of experience in the information technology and information security field, including serving as the chief information officer for various large public companies. Our CISO holds qualified technical expert certifications, has completed the London School of Economics Executive Development programme and holds an undergraduate degree in management information systems, risk management and corporate finance. Our CISO is active in various cyber security industry trade groups, having previously held leadership positions in the Oil & Gas Cyber Security Network and the Chief Information Officers Strategy Exchange.

Projects & Technology

Projects & Technology and the relevant business lines work together to determine the content, scope and budget for developing new technology that supports our activities. The new technology is developed, using a robust maturation process, to systematically de-risk technical and commercial risks. This is done while we seek to align our portfolio with Shell's strategic ambitions and deployment commitments.

A significant proportion of Shell's technology contributes to our emissions reduction targets. We collaborate with leading academic research institutes and universities, and provide start-ups with access to mentors and subject matter experts. Shell Ventures invests in and partners with start-ups and small and medium-sized enterprises that are in the early stages of developing new technologies. The Shell GameChanger programme helps companies to mature early-stage technologies.

See "Risk factors".

Intellectual property

At Shell, we have a wide-ranging intellectual property (IP) portfolio which includes patents, trademarks, know-how, trade secrets, and copyrights. These legally recognised forms of IP enable companies to protect aspects of their IP and to derive value from them. For example, the distinctive Shell pecten, a trademark in use since the early 20th century, and trademarks in which the word Shell appears, help raise the profile of our brand globally.

We protect and defend our IP around the world. Equally we respect the valid IP rights of others. Not doing so risks damage to our business and reputation, negatively impacts our ability or licence to operate, and could result in legal and financial risks as well as the loss of IP rights. At December 31, 2023, we held 8,829 patents, which includes granted patents and pending patent applications.

Shell holds trademarks in countries all around the world, including some in which we no longer have operations. For example, in 2023, we renewed our trademark LINEVOL in Syria and paid $370 to the Syrian Arab Republic, Ministry of Finance, and $713 in agent and handling fees. In addition, we renewed one international trademark application, which amongst other countries, included the Islamic Republic of Iran, through the World Intellectual Property Organization Madrid system, for a fee of $113 for Iran specifically. We ceased all operations in Syria in 2011 and Iran in 2018 and the renewals of our trademarks are not indicative of any sales of products in either country.

Chief Information Security Officer
View complete glossary
Information Risk Management
View complete glossary