SOURCE: CLP Group
The CLP Group has pledged in its new Sustainability Report to focus on investing in people and resources to manage the increasing scale and severity of cyber security risks.
Enhancing cyber security governance
The company centres on building an industry-leading cyber security governance framework which starts with a business impact-driven assessment of its current cyber security position, based on which it establishes clear priorities for cyber risk mitigation.
CLP is vigilant in being prepared for a cyber-induced crisis. It monitors alerts from its information technology and operational systems and provides continuous upskilling and training for staff to equip them with the skills required to identify and detect anomalies. It regularly reviews its Cyber Security Incident Response Process and practises it through drills; the process establishes a consistent response protocol that can be implemented upon detection of an incident.
Building internal capacity
To enhance CLP’s internal cyber security capabilities, it established a specialist team of cyber security professionals in 2018 by training internal experts from the operations team. This initiative will help embed cyber security practices into its day-to-day business. CLP also conducted a range of activities to raise cyber security awareness throughout the year.
In light of the new mandatory data breach reporting obligations legislated under the Australian Privacy Act 1988 (Privacy Act), EnergyAustralia underwent an internal risk assessment to understand its ability to comply. Company-wide communications, employee training and briefing sessions with leadership were conducted to ensure all staff had current privacy and data management training. In addition, a Data Breach Response Plan was implemented.
CLP will continue to make structural changes to ensure that its cyber security capabilities, governance, management and execution are effective and world-class.
In an effort to build a holistic approach to managing and protecting data, the company also periodically reviews and enhances the CLP Privacy Principles and the CLP Personal Data Protection Compliance Manual to ensure they meet the latest regulatory requirements and continue to reflect the expectations of its stakeholders.
EnergyAustralia, for instance, has an information security framework in place to assess and manage the cyber security risks that can arise from engaging with third parties. In addition to mandatory annual training for all employees on privacy, information security and its Code of Conduct, it regularly reviews who can see and download customer data. It also has strict access controls and data masking programmes to protect sensitive information. Quality assurance is undertaken to check that correct processes have been followed.
Cyber resilience is important for companies like CLP that provide critical infrastructure. A cyber breach could have a significant impact not only on the company, but also on the environment and the economy at large. Hence, CLP works closely with cyber security start-ups; leverages global insights from established technology providers and cyber security professionals; and collaborates with industry peers, the government and law enforcement to enhance its capabilities in managing cyber risks.
To learn more, read the CLP Group’s 2018 Sustainability Report.
Any stakeholder who sends feedback to CLP on its Sustainability Report, Annual Report or online snapshot on or before 30 June 2019 will receive four CLP Carbon Credits, which can be used to offset emissions from a 15-hour economy return flight or equivalent.
KEYWORDS: CLP, HKSE:0002.HK, cyber security, Data Protection, EnergyAustralia, Hong Kong, privacy