DATA PRIVACY AND SECURITY The technology used within the banking industry plays a pivotal role in protecting our stakeholders’ personal and financial data. That said, we constantly practice due diligence when it comes to dealing with our clients, employees, and their personal information. At BIMB, we strictly comply with regulations that govern the collection, use, and storage of personal data to avoid legal penalties and maintain our standards in Malaysia’s banking industry. As customers are increasingly concerned about how their personal data is collected and used by businesses, BIMB has proven to avoid any sort of data breach that might lead to financial loss, damage to reputation, and legal liability. By safeguarding their financial assets, we are able to maintain the trust and loyalty of our customers. Overall, data privacy and security are important to us because they enable compliance with regulations, protect our customer assets and avoid data breaches. Progress in 2022 1 Strengthening Governance through Policies and Guidelines In 2022, we revised and updated our policies on technology risk, cybersecurity risk, and data governance, as well as introduced guidelines on data classification and handling, as well as cybersecurity standards. These measures aim to enhance governance and ensure that data is managed securely. 2 Capacity Building on Data Privacy and Cybersecurity We launched mandatory e-learning modules on information security for employees and conducted regular security campaigns and classroom awareness sessions to improve employees’ understanding of the importance of data privacy and cybersecurity. Mandatory training sessions on data protection awareness were conducted during project kick-offs to ensure that employees understand the risks associated with data privacy and cybersecurity. 3 Nurturing a Culture of Data Privacy and Security To promote data privacy and security as part of a responsible bank culture, we provided data privacy, information and security management, and data protection training to all new employees. Regular phishing sessions and simulation exercises were also conducted to enhance employees’ understanding of data privacy and cybersecurity. 4 Strengthening Our Security Controls During the year, we improved our security controls testing initiative to detect cyber threats and vulnerabilities. This includes red teaming campaigns, regular vulnerability assessments and penetration testing, compromise assessments, outsourcing due diligences, and data loss prevention control assessments. These measures aim to ensure that our systems and processes are robust and secure against potential cyber-attacks and data leakage. Outlook In 2023, the pace of activity in the areas of data privacy and cybersecurity continues to accelerate; data and information protection are vital for all aspects of a bank. As we continue to implement digital programmes that is transforming the way we operate and how people access information and services, we require increasingly robust cyber security measures. Our Bank-wide strategy for this year is to continue strengthening the security of the Bank’s data and information systems. This includes achieving a balance between embracing digital opportunities, including making information more accessible and widely available, and ensuring adequate levels of protection are in place. This strategy demonstrates our commitment to further developing a wide range of responses, from basic cyber hygiene to the most sophisticated defences, which includes building a Zero Trust cybersecurity framework. Sustainability Statement Bank Islam Malaysia Berhad 145 01 05 03 07 02 06 09 04 08
RkJQdWJsaXNoZXIy NDgzMzc=