KENANGA ANNUAL REPORT 2020

89 ANNUAL REPORT 2020 // KENANGA INVESTMENT BANK BERHAD As we move into a future shaped by digitalisation and innovation, there is an increasing urgency to step up cyber security measures. As cloud-based hosting and software-as-service solutions progressively form the core of our cyber infrastructure, we forge strategic partnerships with leading technology providers to deliver, secure and trusted service for customers. Within our Group Digital, Technology and Transformation Division, our team of skilled cyber security experts lead the Information Technology Governance & Security ( “ITGS” ) workstream. Mandated to defend against cyber threats and attacks, the team delivers on the Group’s cyber security to ensure business continuity and operations. In 2020, the ITGS team implemented progressive cyber security solutions to further protect corporate information and customer privacy. Key highlights include enhancements to the Group’s ability to monitor data movement across the organisation, as well as, deploying tools to detect anomalous data-handling behaviours. Additionally, we enhanced our cyber resilience through the following actions: • Invested in new technology to protect customer data against leaks or breaches; • Introduced a mobile device management tool to manage access to confidential information on our employees’ personal mobile phones; • Implemented additional security measures for our servers to shield from vulnerabilities on a real-time basis; and • Integrated security solutions for 24/7 monitoring of our endpoints for advanced persistent threats. Our Commitment: SAFEGUARDING CLIENT DATA Our IT Security Policy is aligned to the Personal Data Protection Act 2010 ( “PDPA” ), as outlined by Bursa Malaysia, Bank Negara Malaysia and the Security Commission Malaysia Guidelines on IT and Cyber Security. For transparency and ease of reference, a Privacy Notice is published on our corporate website which details the parameters in which we use customer data. The Group’s cyber security defence systems operate 24/7. Through the deployment of rigorous testing and protective assessment, our IT team work to detect and resolve potential vulnerabilities – applying measures to secure and protect confidential customer information. Cyber-Aware Employees We work to train our employees to stand guard as the first line of defence against potential attacks from cyber threats. Cyber security training is mandatory for all. CYBER SECURITY CAPACITY BUILDING IN 2020 Invested in an email phishing simulator that trains employees to identify phishing attacks. Conducted simulation via emails on employees, with employees achieving a 93% success rate in identifying phishing emails. Delivered 4 cyber security training sessions mandatory for all employees. Disseminated 33 awareness notifications, reminding employees to be on alert against SPAM/phishing emails. CYBER SECURITY Quality of Product Pricing Credit Assessment Financial Stability Company Background Check Business Continuity Strategy Proof of Concept Supplier Evaluation Criteria OUR SUPPLIER EVALUATION MODEL