MISC BERHAD INTEGRATED ANNUAL REPORT 2025

SEC 11 GOVERNANCE

STATEMENT ON RISK MANAGEMENT & INTERNAL CONTROL

CYBERSECURITY

In 2025, MISC continued strengthening cyber resilience under its multi-year Cybersecurity Strategic Plan. Key areas of focus included enhancing third-party cybersecurity requirements through updated procurement processes and the deployment of a continuous monitoring tool for high-risk IT vendors. For maritime operations, MISC advanced its cyber protections for maritime assets by implementing cybersecurity monitoring and attestation mechanisms, enabling continuous detection of threats in response to heightened Operational Technology (OT) risk and regulatory expectations that may affect safety, operational continuity, and asset integrity.

Operational measures and controls were further strengthened through continuous updates to reflect emerging risks, regulatory changes, and advancements in technology. Detection and response capabilities were further enhanced through improvements to the Security Operations Centre with the introduction of automated response technology. This strengthened MISC’s ability to prevent, detect and respond to threats across its digital and operational environments. Assurance activities – including tabletop exercises, red-teaming exercises, and cybersecurity attestation reviews – provided continuous validation of control effectiveness. MISC also reinforced its cybersecurity culture through structured awareness programmes, gamified training and phishing simulations, supporting its target of Zero Major Cybersecurity Incident.

Performance and control effectiveness are assessed through a structured set of key performance indicators, anchored by MISC’s commitment to achieving Zero Major Cybersecurity Incident.
The oversight and implementation activities are managed by a formal cybersecurity team led by a qualified Chief Information Security Officer, with progress reported regularly to the Group HSSE and Sustainability Council and the BSRC, ensuring strong governance, accountability and alignment with MISC Group’s Risk Appetite.

MISC Cybersecurity Framework

Cybersecurity Governance: The cybersecurity governance framework outlines the policies and procedures, specifies the cybersecurity control standards, and ensures a consistent approach to managing cybersecurity for the Group.

Cybersecurity Risk Management: Cybersecurity risks are managed by the team based on a group-wide methodology. All projects and implementation of IT/OT facilities will be assessed and remediated prior to handover to operations. Regular assessments are conducted to identify changes in risk profiles and ensure continuous improvement.

Cybersecurity Culture: Formal and structured cybersecurity campaigns and awareness programmes are conducted, combining MISC Group internal cybersecurity training and email phishing campaigns. Ongoing cybersecurity announcements provide security alerts and updates on cybersecurity incidents, developing a security culture in which everyone understands that cybersecurity is everyone’s responsibility.

Cybersecurity Technology: MISC Group adopts proven and cost-effective technology solutions for detecting and preventing cyber-attacks, as well as responding to and recovering from them. These technologies comprise Artificial Intelligence, cloud computing and data analytics, and are revised regularly to reduce MISC Group’s risks from cyber-attacks.

HUMAN RESOURCE

MISC Group proactively manages human capital risks to ensure a sustainable, capable and future-ready workforce aligned with its strategic objectives.
Workforce demographic insights inform targeted talent strategies, supported by strong leadership accountability across all levels. Key focus areas include performance management, succession and leadership development, capability building, diversity and inclusion, employee well-being and regulatory compliance. Together, these measures ensure business continuity, long-term growth and organisational resilience.

Performance management is a core control underpinning MISC’s high-performance culture. The Employee Performance Management mitigates risks related to underperformance, capability gaps and misalignment with business priorities. This includes annual expectation setting, quarterly check-ins, and mid-year and year-end reviews. Beginning with the mid-year review 2025, MISC implemented a revised rating scale aligned with the year-end scale to ensure consistency, enable earlier identification of performance gaps and support timely interventions.

Leadership continuity risks are addressed through structured succession planning for key roles. Successors are assessed based on performance, leadership capability and cultural alignment, supported by external talent assessments. Development actions are guided by the Leadership Development Framework, with readiness monitored through the Talent Review process and reinforced through targeted leadership development programmes.

MISC addresses skills and capability risks through targeted development initiatives. Strategic programmes such as Techno-Commercial Excellence in Maritime, Professional Engineer Development Programme and the Marine Multi-Skilling Programme strengthen critical competencies, enhance operational flexibility and support workforce readiness.

MISC fosters diversity, equity and inclusion under its ESG Social Pillar to reduce risks of discrimination, inequitable practices, disengagement and barriers to talent progression.
Programmes such as the Platform Series and the PETRONAS Leading Women Network Maritime Chapter promote inclusive leadership, supported by grievance and whistleblowing mechanisms.

Employee well-being is further supported through flexible work policies and mental health programmes via the Employee Assistance Programme. MISC also ensures compliance with local and international labour laws, safeguarding welfare onshore and at sea.

Through integrated Human Resource risk management practices, MISC strengthens workforce capability, engagement and compliance, supports business continuity and builds long-term organisational resilience.

COMPLIANCE & ETHICS

The strategic priority – Governance & Business Ethics, under the Governance Pillar of the Sustainability Strategy, is to continuously embed a culture of strong corporate governance and business ethics and conduct within the Group. The Governance Pillar maps out the Group’s compliance strategy, objectives, and guidance through the Compliance Management Framework to assist Management, business and operations in developing, managing, and maintaining the governance required to meet and sustain the compliance strategy and objectives across the Group, including the performance of the core functions of an Integrity Governance Unit i.e., complaints management, detection and verification of breaches, integrity strengthening, and governance management.

MISC Group has put in place fundamental policies in line with the CoBE which extends to employees and directors within the Group and third parties performing works or services for or on behalf of the Group.
Internal controls, including policies and measures addressing the Critical Legal Areas (CLA) related to ethics and integrity (including human rights and modern slavery), personal data protection, sanctions, export control, and competition, are implemented through the following policies:

• MISC Group has a zero-tolerance policy (ABC Policy and Manual) which applies to employees or companies acting for or on behalf of MISC, throughout the Group, reflecting the commitment of zero tolerance against any corrupt or unethical practices in the course of conducting business in all the jurisdictions it operates in. This is further strengthened through the Integrity Management System, which sets out the requisite requirements to prevent, identify and respond to bribery. Entities within MISC Group are ISO Anti-Bribery Management System (ABMS) certified: MISC Berhad and MHB received the ISO 37001:2016 (ISO ABMS) certification in 2019, followed by AET in 2020, MISC Marine in 2022, and ALAM in 2023.