MAHB | Annual Report 2023

Our Investment case Our Leadership Statement ANNUAL REPORT 2023 70 Cybersecurity and data protection are a key consideration which refers to Malaysia Airports’ capabilities in protecting the security and privacy of stakeholders’ business information and systems. Airport operations are a national security matter and as processes and transactions are increasingly digitalised and data is shared among airport stakeholders for efficiency and effectiveness of our airports, there are increased risks relating to cyber-related security threats and exposure of data to third parties. As such, cybersecurity is crucial to ensure the data of stakeholders and the Group’s own data and digitalised processes are always protected. HIGHLIGHTS Malaysia Airports has in place a Cybersecurity Acceleration Programme to safeguard the Group from threats. Following a comprehensive review of the programme, the Group launched the Cybersecurity Acceleration Programme 2.0 to strengthen the organisation against ever-evolving cyber threats and attacks. For our operations in Türkiye, in 2023, we made technology investments to improve and enhance our cybersecurity capabilities. Enterprise risk assessments Risk assessments are regularly conducted by all divisions and subsidiaries. The cybersecurity-related risk has been assessed at the corporate level for all systems managed by the Group’s IT Division and identified risks will be rectified in ongoing mitigation projects. Employee Training As our employees can be a strong line of defence against cybersecurity threats, an online learning programme is conducted quarterly, and all employees must pass the exam quiz to gauge their understanding of all topics they have learned. Cybersecurity posters are also produced quarterly to enhance employees’ knowledge on protecting data confidentiality, preserving data integrity and promoting data availability for authorised users. CYBERSECURITY AND DATA PROTECTION M4 LINK TO STRATEGY AND KEY ENABLERS CAPITALS AFFECTED AND TRADE-OFFS: LINK TO UN SDGS MATERIAL MATTERS M I F STAKEHOLDERS INVOLVED S1 S3 S9 Operating procedures updates Malaysia Airports regularly updates applicable Standard Operating Procedures and General Procedures to include cybersecurity security elements for the development and testing team and other related parties. There are also knowledge sharing sessions with all relevant stakeholders on cybersecurity and IT governance. SAW investments in cybersecurity Investments in upgrading the airport’s cybersecurity capabilities have resulted in better visibility and awareness of cyber threats. In addition, data relating to the attacks is gathered and analysed to enhance protection and to assess and detect future threats. Training for employees is also conducted to increase their awareness on cyber threats. The airport also conducts internal audits, and ensures that corrective and preventive actions are taken to minimise the risk of cybersecurity breaches. • Reimagining Passenger Experience

RkJQdWJsaXNoZXIy NTkwNzg=