Axiata Sustainability

Driving Governance & Risk

Digital Integrity

Driving Governance & Risk

Digital Integrity

As a digital conglomerate, we are exposed to fast-evolving cyber and informational risks that threaten our intellectual property, business-critical information and the personal data of our customers. Therefore, in order to ensure uninterrupted business operations and maintain the trust of our stakeholders, it is vital that we adopt advanced approaches to cyber security and data privacy.

With the aim of minimising the risk of data breaches, we have established a robust set of policies governing our approach. Supporting this, we continuously upskill our employees in modern digital risks, engage external analysts to assess our approach, and conduct due diligence exercises on our vendors’ data-handling practices. By putting digital integrity first, we are positioning ourselves ideally to achieve our vision of becoming The Next Generation Digital Champion.

Outlook

We are committed to strengthening our privacy capabilities and upskilling our personnel to comply with legislation and regulatory requirements. We have data privacy personnel who have Certified Information Privacy Manager credentials in addition to adopting globally recognised data privacy practices across all OpCos. We are currently refreshing a privacy programme that will span over the next three years to enable the Axiata 5.0 vision and enhance ESG maturity.

We are also developing a long-term Data Privacy and Cyber Security Strategy Framework and Roadmap to standardise and align all OpCos to meet their strategic objectives. Key strategies to strengthen defences and reduce the risk of cyber threats will be rolled out in 2023, and cyber security and data privacy performance metrics will be incorporated into OpCos’ KPI scorecards. A refresh of the Digital Trust & Resilience strategy is also planned for 2023 to proactively manage current and emerging cyber security threats, and respond to evolving attack vectors.

Driving A Long-Term Approach

Cognisant of the fast-changing information security landscape, our approach to data privacy and cyber security is guided by the following:

Data Privacy

  • Privacy Commitment founded on the T.R.U.S.T (Transparent, Rights, Use,  Security and Transfer) principles
  • Group Data Privacy Policy and Privacy  Notices
  • Three-year Privacy Programme  (2020-2022)

Cyber Security

  • Group Information Security Policy
  • Digital Trust & Resilience  (DT&R) 2023 Strategy
  • Zero Trust Framework

Data Privacy

  • Privacy Commitment founded on the T.R.U.S.T (Transparent, Rights, Use,  Security and Transfer) principles
  • Group Data Privacy Policy and Privacy Notices
  • Three-year Privacy Programme  (2020-2022)

Cyber Security

  • Group Information Security Policy
  • Digital Trust & Resilience  (DT&R) 2023 Strategy
  • Zero Trust Framework

Ingraining Data Privacy In Our Processes

The priority we place on data privacy and security is reflected in our Privacy Commitment based on the T.R.U.S.T. principles. The commitment enshrines the importance of strong security and privacy governance across technology, processes and people. It is supported by our Group Data Privacy Policy and Privacy Notices, which provide a roadmap for the embedding of data privacy considerations in our operations and our supply chain.

Our aggregate Privacy Maturity Level increased from 1.4/5.0 to 3.1/5.0 between 2020 and 2022, a rise of more than 100%.

* The Privacy Maturity Level is conducted internally based on self-assessment and excludes BOOST, ADA, ADL and Link Net

Meeting Modern Cyber Security Demands

Cyber security has emerged as a pre-eminent risk for all digital companies, as increasingly sophisticated cybercriminals devise new ways of dealing damage to corporate entities with greater frequency. Understanding the danger this poses to us, we implemented the Digital Trust & Resilience (DT&R) 2023 strategy, empowering our teams to develop proactive and response measures that sustain our cyber security posture and mitigate emerging cyber threats and risks.

DT&R 2023

Our Vision
To inspire trust and confidence in Axiata as The Next Generation Digital Champion

 

Our Mandate
To secure information assets against cyber threats across the Group in line with the Axiata 5.0 strategy

Guided by DT&R 2023, we have enhanced our security architecture through the adoption of the Zero Trust Framework, under which access to sensitive and critical assets is strictly controlled, continuously monitored and validated, thereby reducing the risk of data breaches and other cyber threats.

AGGREGATE CYBER SECURITY MATURITY LEVEL FOR AXIATA GROUP

Target

To rank among the 25th percentile in the ASEAN region on the NIST maturity industry benchmark by 2025

2022 Rank: in the top 30th percentile

Exceeded the regional average of companies across Asia Pacific, Europe and Latin America

2022 Rank: in the top 30th percentile Exceeded the regional average of companies across Asia Pacific, Europe and Latin America

The Axiata Cyber Fusion Centre

In 2022, we launched the Axiata Cyber Fusion Centre, a RM65 million state-of-the-art hub for our cyber security efforts. This centre expands our capabilities significantly, enabling us to undertake advanced modern-day threat protection across our network while driving collaborations with technology partners, business and the public sector towards enhancing regional cyber resilience.

Learn more about the centre and its potential from our Group Chief Risk & Compliance Officer.

Download
Full Report

A Purposeful Mission

Ultimately, our initiatives contribute to our corporate vision, purpose and values, delivering on our responsibilities as a regional telecommunications and digital leader.

Our vision

To be The Next Generation Digital Champion

Our purpose

Advancing Asia

Our vALUES

Uncompromising Integrity & Exceptional Performance