ESR Group Limited Annual Report 202461STRATEGIC REPORTSCORPORATE GOVERNANCEFINANCIAL STATEMENTSA Security Operations Centre (%u201cSOC%u201d) has been established and is monitored by a third-party service provider, in collaboration with the Group IT Department. This initiative is designed to monitor external events that could impact ESR%u2019s network and data. The SOC continuously enhances ESR%u2019s security posture by preventing, detecting, analysing and responding to any potential cybersecurity incidents.An information technology disaster recovery plan is in place and tested annually to ensure that ESR%u2019s business recovery objectives are met in the event of a disaster, including ensuring that proprietary information remains secure.To augment ESR%u2019s defence mechanisms against the financial repercussions of cyber incidents, the Group has secured cyber liability insurance which also covers information security risks. This strategic move provides an additional safeguard, aimed at mitigating the potential financial losses and liabilities that may arise from cybersecurity threats and data breaches. This comprehensive approach to managing technology risks underscores the Group%u2019s proactive stance in safeguarding the Company%u2019s assets and reputation, reinforcing the Group%u2019s commitment to operational excellence and stakeholder trust.Technology RiskThe Group acknowledges the rising threats posed by cyberattacks which have become increasingly prevalent and sophisticated. In response, the management continuously assesses the adequacy of computer systems and implements improvements to the platforms, reflecting the increased reliance on technology to enhance operational efficiency and provide high quality internal governance. ESR has put in measures to protect itself against technology-related risks which may arise from both internal and external sources. The Group has instituted robust measures to manage technology-related risks emanating from both internal and external sources. In alignment with international standards, ESR Group has successfullyobtainedISO27001:2022certificationforitsinformation security management system. In addition, ESR has in place a comprehensive set of information technology policies and procedures governing information availability, confidentiality and security to prevent any leakage of confidential information.The Group provides regular updates on cybersecurity through key risk updates and key risk indicators at quarterly Audit Committee meetings. This keeps the Board well-informed about the Group%u2019s security posture, ongoing initiatives and potential threats, thus fostering strategic guidance and enhancing decision-making capabilities.To ensure the Group remains vigilant against potential security breaches and phishing scams, the Group IT team conducts mandatory annual training on IT security awareness. This is part of the Group%u2019s broader commitment to fostering a culture of continuous learning and adaptation, which is critical in the face of evolving cyber threats. Moreover, the constant monitoring of internet gateways, coupled with regular network vulnerability assessment and penetration testing by third party consultants, helps the Group to identify any potential security gaps promptly. Such measures are crucial, as weak IT security can tarnish ESR%u2019s reputation and erode stakeholder confidence.Over the past three years, the Group reported no information security breaches, a testament to the effectiveness of the Group%u2019s cybersecurity measures and its proactive risk management approach. ESR engages service providers to carry out a range of business functions. To ensure effective third-party security management, ESR has developed a robust framework and various processes to assess and monitor the information security controls implemented by third-party vendor, ensuring compliance with its stringent security standards.