Digital Integrity
The digital core of our business means that cyber security and data privacy are not just operational concerns, but strategic imperatives. Threats to intellectual property, critical systems, and personal data are constantly evolving, making resilience and trust foundational to our role as a digital partner.
In response to this challenging landscape, we have developed cyber security and data privacy strategies underpinned by strong governance, incorporating preventive, detective, and responsive controls. This integrated approach promotes a culture of accountability across our operations, strengthens customer trust, and supports the long-term resilience of our business.
Driving A Long-Term Approach
Cognisant of the fast-changing information security landscape, our approach to data privacy and cyber security is guided by the following:
-
Privacy Commitment based on the T.R.U.S.T principles (Transparent, Rights, Use, Security and Transfer)
-
Group Data Privacy Policy and Privacy Notices
-
#ASH 3.0: 2024-2026 Roadmap
-
Digital Trust and Resilience 2024-2026 Strategy
-
Group Information Security Policy
-
NIST Cyber Security Framework
-
Zero Trust Principles
Advancing Data Privacy Maturity and Automation
In 2025, we advanced the implementation of our #ASH3.0 privacy strategy, completing the Augment and Integrate phases and positioning ourselves to enter the Automate phase in 2026. Thus far, the programme has strengthened regional exposure management, enhanced our governance instruments and expanded consistent implementation across our OpCos.
A Group-wide data privacy maturity assessment, validated by an independent assurance provider, confirmed that we have achieved Level 3 maturity. This reflects firm progress in documentation, control effectiveness, automation and regulatory alignment.
To further embed privacy-by-design and regulatory readiness, we undertook several targeted actions during 2025:
-
Conducted Privacy‑Enhancing Technology (PET) Assessment across all assets connected with Critical Data Processing Activities
-
Integrated data privacy drills with cyber security scenarios to capture readiness of playbooks on incident notification to regulators, as required by new regulations
-
Trained employees on emerging threats, regulatory changes and industry incidents to ensure readiness
-
Standardised reporting to the respective Risk and Compliance
-
Management Committee (RCMC) and Board
-
Risk and Compliance Committee (BRCC) to provide OpCo Boards with accurate, timely information for decision‑making
-
Mandated a compliance score to ensure each market meets applicable regulatory requirements
Enhancing Cyber Resilience
Our Digital Trust & Resilience (DT&R) 2024–2026 cyber security strategy empowers us to enhance our operational resilience, efficiency and threat response approach in an increasingly complex cyber security landscape.
In 2025, we achieved a cyber security maturity score of 3.52 out of 5.0 under the NIST Cybersecurity Framework 2.0. We have implemented Zero-Trust framework across our Technology environments supplemented through best in class Telco best practices. We have ensured all our critical systems are hardened with Minimum Baseline Security Standards (MBSS) and our Threat Intelligence and Red Teaming capabilities were enhanced through HELIOS, Axiata Group Berhad’s Patented Threat Attribution Platform.
Key Progress Highlights in 2025
-
Fully operationalised Zero Trust Architecture across applications, data, identity, endpoints and APIs
-
Achieved a cyber security maturity score of 3.52/5.0 under the NIST Cybersecurity Framework 2.0
-
Achieved full compliance with GSMA FS.31 for Telco MBSS
-
Completed security evaluations for major 5G requests for proposal, supported by a Secure-by-Design 5G checklist
-
Deployed the AI-powered HELIOS threat attribution platform
-
Migrated to a cloud-based SIEM platform, which covers over 9,000 nodes and more than 600 detection rules
The Axiata Cyber Fusion Center
In 2022, we launched the Axiata Cyber Fusion Center (ACFC), a state-of-the-art facility that enhances our situational awareness in cyber security and promotes public-private partnerships to bolster cyber resilience in the region.
ACFC offers advanced support and protection for digital data, enabling modern threat monitoring and hunting to ensure business continuity. It has also paved the way for the launch of cutting-edge products – such as our award-winning, AI-powered threat attribution engine, HELIOS – which reinforce our leadership in cyber security.
Digital Integrity
The digital core of our business means that cyber security and data privacy are not just operational concerns, but strategic imperatives. Threats to intellectual property, critical systems, and personal data are constantly evolving, making resilience and trust foundational to our role as a digital partner.
In response to this challenging landscape, we have developed cyber security and data privacy strategies underpinned by strong governance, incorporating preventive, detective, and responsive controls. This integrated approach promotes a culture of accountability across our operations, strengthens customer trust, and supports the long-term resilience of our business.
Driving A Long-Term Approach
Cognisant of the fast-changing information security landscape, our approach to data privacy and cyber security is guided by the following:
-
Privacy Commitment based on the T.R.U.S.T principles (Transparent, Rights, Use, Security and Transfer)
-
Group Data Privacy Policy and Privacy Notices
-
#ASH 3.0: 2024-2026 Roadmap
-
Digital Trust and Resilience 2024-2026 Strategy
-
Group Information Security Policy
-
NIST Cyber Security Framework
-
Zero Trust Principles
Advancing Data Privacy Maturity and Automation
In 2025, we advanced the implementation of our #ASH3.0 privacy strategy, completing the Augment and Integrate phases and positioning ourselves to enter the Automate phase in 2026. Thus far, the programme has strengthened regional exposure management, enhanced our governance instruments and expanded consistent implementation across our OpCos.
A Group-wide data privacy maturity assessment, validated by an independent assurance provider, confirmed that we have achieved Level 3 maturity. This reflects firm progress in documentation, control effectiveness, automation and regulatory alignment.
To further embed privacy-by-design and regulatory readiness, we undertook several targeted actions during 2025:
-
Conducted Privacy‑Enhancing Technology (PET) Assessment across all assets connected with Critical Data Processing Activities
-
Integrated data privacy drills with cyber security scenarios to capture readiness of playbooks on incident notification to regulators, as required by new regulations
-
Trained employees on emerging threats, regulatory changes and industry incidents to ensure readiness
-
Standardised reporting to the respective Risk and Compliance
-
Management Committee (RCMC) and Board
-
Risk and Compliance Committee (BRCC) to provide OpCo Boards with accurate, timely information for decision‑making
-
Mandated a compliance score to ensure each market meets applicable regulatory requirements
Enhancing Cyber Resilience
Our Digital Trust & Resilience (DT&R) 2024–2026 cyber security strategy empowers us to enhance our operational resilience, efficiency and threat response approach in an increasingly complex cyber security landscape.
In 2025, we achieved a cyber security maturity score of 3.52 out of 5.0 under the NIST Cybersecurity Framework 2.0. We have implemented Zero-Trust framework across our Technology environments supplemented through best in class Telco best practices. We have ensured all our critical systems are hardened with Minimum Baseline Security Standards (MBSS) and our Threat Intelligence and Red Teaming capabilities were enhanced through HELIOS, Axiata Group Berhad’s Patented Threat Attribution Platform.
Key Progress Highlights in 2025
-
Fully operationalised Zero Trust Architecture across applications, data, identity, endpoints and APIs
-
Achieved a cyber security maturity score of 3.52/5.0 under the NIST Cybersecurity Framework 2.0
-
Achieved full compliance with GSMA FS.31 for Telco MBSS
-
Completed security evaluations for major 5G requests for proposal, supported by a Secure-by-Design 5G checklist
-
Deployed the AI-powered HELIOS threat attribution platform
-
Migrated to a cloud-based SIEM platform, which covers over 9,000 nodes and more than 600 detection rules
The Axiata Cyber Fusion Center
In 2022, we launched the Axiata Cyber Fusion Center (ACFC), a state-of-the-art facility that enhances our situational awareness in cyber security and promotes public-private partnerships to bolster cyber resilience in the region.
ACFC offers advanced support and protection for digital data, enabling modern threat monitoring and hunting to ensure business continuity. It has also paved the way for the launch of cutting-edge products – such as our award-winning, AI-powered threat attribution engine, HELIOS – which reinforce our leadership in cyber security.
