038 KIMLUN CORPORATION BERHAD • SUSTAINABILITY STATEMENT Our Board of Directors and employees are required to adhere to corporate disclosure guidelines in compliance with the Main Market Listing Requirements and Personal Data Protection Act 2010 (“PDPA”), ensuring strict control over sensitive information and preventing the misuse of insider information for personal gain, such as insider trading. Employees are also guided by the KLSB’s Information Technology Policy, which outlines protocols for handling customer and personal data, responsible usage of IT systems, maintaining cyber hygiene and reduce exposure to digital threats. Risks Opportunities • Data loss or corruption resulting from system failures or unsuccessful system recovery processes may disrupt business operations, potentially leading to project delays, operational inefficiencies, revenue loss and the risk of delays in obtaining or renewing regulatory permits. • Weak cybersecurity practices or data handling controls among third parties could expose the Group to indirect data breaches or unauthorised data disclosures beyond the Group’s direct control leading to reputational damage, reduced customer trust and legal implications • Non-compliance with data protection and cybersecurity regulations may expose the Group to legal action, financial penalties, and increased scrutiny from regulators. • Building stakeholder and employee awareness on data protection and accountability • The Group can strengthen business continuity and operational resilience • Strong data privacy and security practices enhances stakeholder trust and confidence Our Approach Information Security To address these risks proactively, we engage qualified third‑party professional service providers to manage and strengthen our IT systems, security controls, and network resilience in alignment with Kimlun’s internal IT security requirements. This partnership ensures continuous monitoring, timely threat response, and adherence to industry‑relevant best practices. All Board members and employees are required to comply with corporate disclosure guidelines in line with the Main Market Listing Requirements and PDPA, ensuring strict management of sensitive information and preventing misuse such as insider trading. Through these measures, we aim to prevent IT‑related incidents through structured policies and continuous awareness. Data Privacy Risk Assessment The Group has also conducted thorough assessments across all operations to identify corruption-related risks as part of our ongoing risk management practices. The Group remained committed to maintaining full (100%) operational assessment throughout FY2025. To date, the Group is pleased to report zero data privacy breaches, reflecting the effectiveness of our controls and our commitment to maintaining a secure and trusted digital environment. Indicator Unit FY2023 FY2024 FY2025 Number of Confirmed Incidents of Breaches of Customer Privacy and Loss of Customer Data Number 0 0 0
RkJQdWJsaXNoZXIy NDgzMzc=