PILLAR 3: CORPORATE PERFORMANCERisk ManagementESR Group LimitedEnvironmental, Social and Governance Report 202473To ensure continuous protection against malware and network threats, both within and outside our corporate networks, the Group IT continues to leverage cloud-based security services for our staff computing devices. In 2024, ESR migrated our key IT system from on-premise hosting to cloud and achieved improved performance, resiliency and improved integration with our cloud based cyber security services. Our cyber defences undergo regular testing through vulnerability assessments and penetration testing by third-party security specialists. Additionally, we conduct regular backups and disaster recovery testing to ensure the uninterrupted continuity of our operations. These measures collectively strengthen our ability to prevent, detect and respond to potential threats, safeguarding our data, assets and reputation. Mandatory annual training sessions on IT security awareness, including simulated phishing tests, are conducted to keep employees informed and vigilant regarding potential security breaches and phishing scams. To augment our defence mechanisms against the financial repercussions of cyber incidents, the Group has secured cyber liability insurance, which also covers information security risks.Over the past four years, ESR is proud to report that there have been no group-wide and third-party information security breaches, a testament to the effectiveness of the Group%u2019s cybersecurity measures and proactive risk management approach. ESR engages service providers to carry out a range of business functions. To ensure effective third-party security management, the Group has developed a robust framework and processes to assess and monitor the information security controls implemented by third parties and continuing compliance with the Group%u2019s stringent security standards.ESR%u2019s Group Chief Operating Officer, Matthew Lawson, received the ISO 27001 certificate from BSI ASEAN.In bolstering our cybersecurity measures, vulnerability assessments are performed to test the integrity of the systems. In view of potential external threats that may impact ESR%u2019s network and data, a Security Operations Centre (%u201cSOC%u201d) has been established and supervised by a third-party service provider in collaboration with the Group IT department. The SOC continually monitors and enhances our security posture, proactively prevents, detects, analyses and responds to potential cybersecurity incidents. By regularly reviewing the information technology disaster recovery plan and assessing the robustness of our IT systems, we ensure the protection of critical information systems and safe recovery of essential business operations.