The Group seeks to protect its critical assets and data from cyber-attacks, and ensure that there are adequate and effective cybersecurity defences to protect corporate information assets and critical infrastructure.
The Group has also set the following KPIs to assure the robustness of the Group’s cybersecurity measures:
We have established a framework to facilitate a systematic approach in identifying, assessing and managing the cybersecurity risk within the Group.
Identify - Develop an organisational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities;
Protect - Develop and implement appropriate safeguards to ensure the delivery of critical services;
Detect - Develop and implement appropriate activities to identify the occurrence of a cybersecurity event;
Respond - Develop and implement appropriate activities to respond to a detected cybersecurity incident;
Recover - Develop and implement appropriate activities to maintain infrastructure resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.