Home > Sustainability > Cybersecurity

The Group seeks to protect its critical assets and data from cyber-attacks, and ensure that there are adequate and effective cybersecurity defences to protect corporate information assets and critical infrastructure.

The Group has also set the following KPIs to assure the robustness of the Group’s cybersecurity measures:

  • Periodically performs security assessments of critical IT infrastructure and processes to identify security weaknesses and vulnerability;
  • Periodically conducts penetration tests for IT landscape to discover potential vulnerabilities;
  • Completes web security enhancement project to strengthen the security protection of Internet browsing activities;
  • Performs security assessment and enhancement of end-point device and server, ICS/OT, private cloud and application software; and
  • Continues to raise cybersecurity awareness among employees by running cybersecurity awareness training programmes and carrying out phishing drills from time to time.

We have established a framework to facilitate a systematic approach in identifying, assessing and managing the cybersecurity risk within the Group.

Identify - Develop an organisational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities;

Protect - Develop and implement appropriate safeguards to ensure the delivery of critical services;

Detect - Develop and implement appropriate activities to identify the occurrence of a cybersecurity event;

Respond - Develop and implement appropriate activities to respond to a detected cybersecurity incident;

Recover - Develop and implement appropriate activities to maintain infrastructure resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.