MSTGOLF Annual Report 2025

OUR STRATEGIC CONTEXT

If not managed effectively, cybersecurity incidents or data breaches may lead to financial loss, operational disruption, regulatory penalties, and reputational harm. Conversely, strong cybersecurity controls, responsible data management, and regulatory compliance help safeguard sensitive information, maintain customer trust, and support uninterrupted operations.

To strengthen accountability and oversight in relation to personal data protection, the Group has appointed five (5) Personal Data Protection Act (“PDPA”) Officers across its operations, comprising two (2) officers at the Group’s headquarters, one (1) officer overseeing Singapore operations, and two (2) officers overseeing the Indonesia subsidiary.

MST Golf is committed to protecting customer data through secure, transparent, and compliant retail data management practices.

These officers support the Group’s data protection governance by informing and advising relevant data controllers and data processors on the processing of personal data, monitoring compliance with applicable personal data protection requirements, supporting the conduct of Data Protection Impact Assessments (“DPIAs”), and assisting with the preparation, processing, and submission of reports and related documentation in the event of reportable personal data breaches. This structure helps strengthen the Group’s operational readiness, internal accountability, and compliance discipline in managing personal data protection obligations across jurisdictions.

Data Security and Privacy - Key Risk Snapshot

Area: Summary

Risk Impacts: Cybersecurity incidents, unauthorised access, or misuse of personal data could disrupt operations, trigger regulatory penalties, increase remediation costs, and damage customer trust and brand reputation.

Risk Drivers: Increasing digitalisation across e-commerce, memberships, payments, internal systems, human error, third-party system access, and evolving cyber threats.

Risk Profile: Moderate likelihood, high potential impact.

Governance & Oversight: Governance oversight by the GRSC, with operational accountability shared across the Management Information Systems (“MIS”) function, appointed PDPA Officers, Risk and Control function, and relevant department heads.

Risk Management Approach: Layered cybersecurity controls including IT governance policies, penetration testing, encrypted payment gateways, role-based access controls, data protection SOPs, data protection impact assessments, employee training, and cyber incident response planning.

2025 Performance Indicators: Zero confirmed data breaches, no regulatory penalties related to data protection, and continued employee awareness on data privacy and cybersecurity.

Financial Pathway: Effective cybersecurity and data governance help protect customer trust, support uninterrupted operations, and reduce exposure to fines, recovery costs, and reputational-driven revenue loss.

Forward Outlook: Continue strengthening cybersecurity controls, employee awareness, vendor risk screening, and incident response readiness.

SUSTAINABILITY STATEMENT
