2025 Sustainability Report

Cybersecurity and Data Privacy

Responsible Governance

MetLife is committed to treating personal information and other data MetLife owns or possesses with the same care and discipline that underpin our entire information technology and operations strategy—protecting it, using it responsibly and processing it securely in compliance with applicable laws and regulations. Our focus is simple: earn and keep the trust of our customers, employees and business partners by safeguarding data every step of the way.

Our policies and procedures are designed to protect confidentiality and security of personal information and create effective mechanisms to handle information appropriately worldwide, which includes key areas such as safeguards and risk management, monitoring, data incident response, cybersecurity and e-discovery investigation and threat intelligence. Our Global Privacy and Information Security programs establish enterprise-wide principles and global minimum standards, among other things, around the collection and use of personal information in compliance with applicable privacy laws and regulations. Please refer to Item 1C. Cybersecurity of MetLife’s 2025 Form 10-K for more information.

Privacy Compliance Risk Management

MetLife’s Privacy Compliance Group, headed by the Chief Privacy Officer oversees MetLife’s Privacy Compliance Risk program and is responsible for establishing and maintaining the internal Global Privacy and Data Protection Policy (Global Privacy Policy), overseeing the implementation of, and ongoing compliance with, the Global Privacy Policy and advising business management on privacy risks.

The Global Privacy Policy establishes enterprise-wide principles and global minimum standards designed to facilitate compliance with applicable privacy laws and regulations in the countries in which MetLife operates.

Cybersecurity and Privacy Training

MetLife conducts mandatory cybersecurity and privacy training every year for all employees to raise awareness about potential threats and provide clear, actionable guidelines to apply sound security practices in everyday responsibilities. MetLife employees are expected to exercise diligence in safeguarding information entrusted to MetLife and are required to complete yearly privacy training and comply with applicable privacy laws and regulations when processing personal data held by the Company.

MetLife promotes broader cybersecurity capabilities by providing employees with resources to protect themselves, our customers and the enterprise. We participate in industry cybersecurity groups and events, such as Cybersecurity Awareness Month each October, to engage our employees and stay ahead of evolving threats.

Information Security

We manage information security risk through, and as part of, MetLife’s Information Security program, instituted to maintain controls for the systems, applications and databases of MetLife and our third-party service providers. MetLife’s Chief Information Security Officer manages the program, collaborating with lines of business and corporate functions. Please refer to Item 1C. Cybersecurity of MetLife’s 2025 Form 10-K for more information.

Continue reading this chapter

2025 Sustainability 
Report

Living Our Purpose
Read our 2025 Sustainability Report for more information on MetLife initiatives and progress.
Living Our Purpose
Read our 2025 Sustainability Report for more information on MetLife initiatives and progress.
Download