122 YINSON HOLDINGS BERHAD | INTEGRATED ANNUAL REPORT 2023 Why is this topic material to us? Our ongoing efforts to enhance our systems and processes through digitalisation and technology have made us increasingly dependent on data. The data, which is stored and processed electronically, is proprietary and confidential and therefore warrants an urgent need for robust cybersecurity. A breach in the system may bring about severe consequences for the Company, including financial losses, loss of confidential information, decreased competitiveness, disruptions to our business operations and reputational damage. Management approach Group Cybersecurity Roadmap In 2022, Yinson’s Cyber Risk Management Roadmap was renamed Group Cybersecurity Roadmap and incorporated into the Group Strategic IT Roadmap. Digital transformation can introduce new cyber risks, making cybersecurity an essential consideration in the roadmap’s development. The roadmap was developed based on a comprehensive risk assessment with stakeholders across the business. Once the risks were identified, they were prioritised based on the likelihood of occurrence and potential impact. This helps to ensure that the most critical risks are addressed first. Subsequently, strategies and implementation plans were developed based on best practices, industry standards and regulatory requirements. The roadmap includes several initiatives to bolster the Group’s cybersecurity system, including training our people, updating our processes and adopting relevant technologies. Managing the cybersecurity of our offshore assets is an ongoing effort, executed through internal training, process improvements and the adoption of applicable technologies. As the cybersecurity and data landscape evolves, we will continue to actively identify more measures we can take to strengthen our cybersecurity posture. The Group Cybersecurity Roadmap encompasses both IT and Operational Technology and was expanded in 2022 as per the framework of the National Institute of Standards and Technology (NIST). The Group successfully deployed tools to prevent and suppress cyber threats arising in the year. We also provided annual training and awareness CYBERSECURITY DEFINITION OF MATERIAL TOPIC Ensuring our digital systems and assets are safeguarded against external cyber threats. IMPACTS MG5 S9 S10 GS1 GS2 GS3 GS4 GS6 S7 S8 S2 S4 S3 S1 S6 S5 EMBRACING GOOD CORPORATE GOVERNANCE campaigns Group-wide to embed consistent cybersecurity practices among employees. Information Security Policy & Procedure Yinson’s Information Security Policy & Procedure outlines how our information is protected against inappropriate disclosure, ensuring that the data is accurate, timely and only accessible to authorised persons. The Information Security Policy & Procedure was developed and is periodically updated in alignment with Yinson’s Data Privacy Policy which ensures that complementing provisions for data privacy are included. There are also other related policies such as the COBE Policy which address specific areas of information security. Further, the policy outlines a data breach reporting mechanism and response plan. We conduct Information Security training to raise awareness amongst our employees, contractors and third parties on Yinson’s information security policies, as well as departmental and local information security responsibilities. The Group takes active measures to evaluate its management of cybersecurity. Yinson’s IT team conducts yearly strategic alignment touchpoints with stakeholders, followed by monthly stakeholder meetings to facilitate Demand Management. The Group Chief Information Officer (“Group CIO”) attends monthly meetings with CEOs of business units to report on deliverables and to ensure that Yinson’s business needs are constantly aligned with IT projects.
RkJQdWJsaXNoZXIy NDgzMzc=