ESR Group AR2023 eBook EN

ESR Group Limited Annual Report 2023

Technology Risk

The Group acknowledges the rising threats posed by cyberattacks, which have become increasingly prevalent and sophisticated. In response, ESR Group continuously assesses the adequacy of its computer systems and implements improvements to the platforms, reflecting the Group's increased reliance on technology to enhance operational efficiency and provide high quality internal governance. ESR Group has put in place measures to protect itself against technology-related risks which may arise from both internal and external sources. The Group has instituted robust measures to shield the Group from technology-related risks emanating from both internal and external sources. In addition, ESR Group has in place a comprehensive set of information technology policies and procedures governing information availability, confidentiality and security to prevent any leakage of confidential information.

Management provides the Audit Committee with regular half-yearly cybersecurity updates using Key Risk Indicators, as well as an annual comprehensive cybersecurity update. This keeps the board well-informed about the Group's security posture, ongoing initiatives, and potential threats, thus fostering strategic guidance and enhancing decision-making capabilities.

To ensure the Group remains vigilant against potential security breaches and phishing scams, mandatory annual training on IT security awareness is conducted. This is part of the Group's broader commitment to fostering a culture of continuous learning and adaptation, which is critical in the face of evolving cyber threats. Moreover, the constant monitoring of internet gateways, coupled with regular network vulnerability assessment and penetration testing by third party consultants, helps the Group to identify any potential security gaps promptly. Such measures are crucial, as weak IT security can tarnish ESR Group's reputation and erode stakeholder confidence.
ESR is proud to report that, over the past three years, there has been no group-wide or third-party information security breach, a testament to the effectiveness of the Group's cybersecurity measures and proactive risk management approach.

ESR Group engages service providers to carry out a range of business functions. To ensure effective third-party security management, ESR Group has developed a robust framework and processes to assess and monitor the information security controls implemented by third parties and their continuing compliance with the Group's stringent security standards.

A Security Operations Centre (“SOC”) has been established and is monitored by a third-party service provider, in collaboration with Group IT. This initiative is designed to monitor external events that could impact ESR Group's network and data. The SOC continuously enhances ESR Group's security posture while preventing, detecting, analysing and responding to any potential cybersecurity incidents.

An information technology disaster recovery plan is in place and tested annually to ensure that ESR Group’s business recovery objectives are met in the event of a disaster, including ensuring that proprietary information remains secure.

To augment its defence mechanisms against the financial repercussions of cyber incidents, the Group has secured cyber liability insurance, which also covers information security risks. This strategic move provides an additional safeguard, aimed at mitigating the potential financial losses and liabilities that may arise from cybersecurity threats and data breaches.

This comprehensive approach to managing technology risks underscores the proactive stance in safeguarding the Company’s assets and reputation, reinforcing its commitment to operational excellence and stakeholder trust.
