Bank Islam Integrated Annual Report 2024

Key Achievements

DATA PRIVACY AND SECURITY

We recognise the critical role of data privacy and security in upholding customer trust and stakeholder confidence, ensuring operational resilience, and supporting the broader financial ecosystem. Through our Defence-in-Depth strategy, we leverage a comprehensive suite of cutting-edge technologies, allowing us to stay ahead of evolving threats and regulatory requirements. Our vision is to be ‘Nimble on the outside, a fortress on the inside.’ This approach is built on three key pillars:

1. Enhanced Technology Resilience:
   o Most of our IT investments are dedicated to creating a stable and resilient infrastructure.
   o This focus reduces downtime, maintenance costs and operational disruptions, ensuring seamless service delivery.

2. Strengthened Security:
   o Advanced security measures are implemented to protect against cyber attacks and ransomware.
   o We have adopted a zero-trust framework as part of our broader strategy to continuously fortify security, safeguard data, and enhance resilience across our digital ecosystem.

3. Future-Proof Architecture and Digital Capabilities:
   o We are building a reliable and scalable architecture to support future growth and innovation.
   o Our cloud-first strategy, supported by a robust microservices architecture, ensures faster speed to market and seamless integration of digital capabilities.

We continue strengthening our risk management capabilities and governance practices to ensure robust security and data privacy. Key initiatives include:

• Alignment of governance practices: Regular reviews and updates to our frameworks, policies, and procedures ensure their relevance and robustness. Notable achievements include the enhancement and implementation of multiple frameworks, such as the Group Technology Risk Management Framework, Group Cyber Resilience Framework, and Group Data Governance Framework, and the enhancement of existing policies and procedures in line with these latest frameworks, regulatory requirements and industry best practices.

• Embedding security and privacy by design: Leading security tools are integrated in our operations to achieve security and privacy by design. These comprise various tools that offer advanced security capabilities and are continuously refined over time to maintain the desired level of security and protection.

• Managing third-party risks: To enhance the resilience of our service delivery and operations, we have established a Group Third-Party Risk Management Framework to mitigate risks associated with third-party engagements. Additionally, we have progressively enhanced our due diligence reviews by incorporating cybersecurity and data management requirements for critical service providers.

• Dedicated training and awareness initiatives: To foster a culture of security and privacy, we conduct regular training programs focused on data privacy and security. These initiatives include infographics, e-learning modules, and classroom sessions tailored to staff needs.

• Closer collaboration with key stakeholders: We actively collaborate with regulatory bodies, such as Bank Negara Malaysia (BNM), and participate in industry-led forums, including the Chief Information Security Officer (CISO) working group. These engagements facilitate knowledge sharing and equip us to proactively navigate evolving regulatory and risk challenges.

• Process transformation: We continue to re-engineer and optimise processes to manage data privacy and security risks. Key transformations include introducing data protection and quality management processes alongside pivotal zero-trust initiatives, which enhance the resilience and adaptability of our security environment.

Bank Islam Malaysia Berhad ◆ Integrated Annual Report 2024 ◆ Placing Digital at the Core
