Digital Integrity
The digital core of our business means that cyber security and data privacy are not just operational concerns, but strategic imperatives. Threats to intellectual property, critical systems, and personal data are constantly evolving, making resilience and trust foundational to our role as a digital partner.
In response to this challenging landscape, we have developed cyber security and data privacy strategies underpinned by strong governance, incorporating preventive, detective, and responsive controls. This integrated approach promotes a culture of accountability across our operations, strengthens customer trust, and supports the long-term resilience of our business.
Driving A Long-Term Approach
Cognisant of the fast-changing information security landscape, our approach to data privacy and cyber security is guided by the following:
-
Privacy Commitment based on the T.R.U.S.T principles (Transparent, Rights, Use, Security and Transfer)
-
Group Data Privacy Policy and Privacy Notices
-
#ASH 3.0: 2024-2026 Roadmap
-
Digital Trust and Resilience 2024-2026 Strategy
-
Group Information Security Policy
-
NIST Cyber Security Framework
-
Zero Trust Principles
Strengthening Data Privacy
Reflecting the importance of safeguarding the data of our business, customers, and stakeholders, we have developed and implemented the #ASH 3.0 roadmap to drive improvements in data privacy practices from 2024 to 2026.
Centred on the themes of Augment, Integrate, and Automate, #ASH 3.0 aims to accelerate data privacy maturity, enhance regulatory alignment, and strengthen risk assessment frameworks across all our OpCos. In 2024, it contributed to an increase in our aggregate privacy maturity level from 3.0 to 3.18 out of 5.0.
In response to this challenging landscape, we have developed cyber security and data privacy strategies underpinned by strong governance, incorporating preventive, detective, and responsive controls. This integrated approach promotes a culture of accountability across our operations, strengthens customer trust, and supports the long-term resilience of our business.
Enhancing Cyber Resilience
The Digital Trust & Resilience (DT&R) 2024-2026 cyber security strategy empowers us to enhance our operational resilience, efficiency, and threat response approach in an increasingly complex cyber security landscape.
In the 2024 NIST assessment, we recorded a maturity of 3.18, compared to 3.4 in 2023. However, the two scores are not directly comparable due to the transition to the NIST 2.0 Framework and stricter measurement criteria, which resulted in a more rigorous evaluation methodology.
Key Progress Highlights in 2024
-
Operationalising Zero Trust Architecture for applications and workloads, data and identity, endpoints and APIs
-
Adopting the NIST 2.0 Cyber Security Framework
-
Developing our Risk Quantification Concept Paper, which includes a structured methodology to predict the financial impact of cyber risks and support more informed decision-making
-
Migrating our 24/7 security monitoring and detection platform from an on-premises setup to a cloud solution
The Axiata Cyber Fusion Centre
In 2022, we launched the Axiata Cyber Fusion Centre (ACFC), a state-of-the-art facility that enhances our situational awareness in cyber security and promotes public-private partnerships to bolster cyber resilience in the region.
ACFC offers advanced support and protection for digital data, enabling modern threat monitoring and hunting to ensure business continuity. It has also paved the way for the launch of cutting-edge products – such as our award-winning, AI-powered threat attribution engine, HELIOS – which reinforce our leadership in cyber security.
Digital Integrity
The digital core of our business means that cyber security and data privacy are not just operational concerns, but strategic imperatives. Threats to intellectual property, critical systems, and personal data are constantly evolving, making resilience and trust foundational to our role as a digital partner.
In response to this challenging landscape, we have developed cyber security and data privacy strategies underpinned by strong governance, incorporating preventive, detective, and responsive controls. This integrated approach promotes a culture of accountability across our operations, strengthens customer trust, and supports the long-term resilience of our business.
Driving A Long-Term Approach
Cognisant of the fast-changing information security landscape, our approach to data privacy and cyber security is guided by the following:
-
Privacy Commitment based on the T.R.U.S.T principles (Transparent, Rights, Use, Security and Transfer)
-
Group Data Privacy Policy and Privacy Notices
-
#ASH 3.0: 2024-2026 Roadmap
-
Digital Trust and Resilience 2024-2026 Strategy
-
Group Information Security Policy
-
NIST Cyber Security Framework
-
Zero Trust Principles
Strengthening Data Privacy
Reflecting the importance of safeguarding the data of our business, customers, and stakeholders, we have developed and implemented the #ASH 3.0 roadmap to drive improvements in data privacy practices from 2024 to 2026.
Centred on the themes of Augment, Integrate, and Automate, #ASH 3.0 aims to accelerate data privacy maturity, enhance regulatory alignment, and strengthen risk assessment frameworks across all our OpCos. In 2024, it contributed to an increase in our aggregate privacy maturity level from 3.0 to 3.18 out of 5.0.
In response to this challenging landscape, we have developed cyber security and data privacy strategies underpinned by strong governance, incorporating preventive, detective, and responsive controls. This integrated approach promotes a culture of accountability across our operations, strengthens customer trust, and supports the long-term resilience of our business.
Enhancing Cyber Resilience
The Digital Trust & Resilience (DT&R) 2024-2026 cyber security strategy empowers us to enhance our operational resilience, efficiency, and threat response approach in an increasingly complex cyber security landscape.
In the 2024 NIST assessment, we recorded a maturity of 3.18, compared to 3.4 in 2023. However, the two scores are not directly comparable due to the transition to the NIST 2.0 Framework and stricter measurement criteria, which resulted in a more rigorous evaluation methodology.
Key Progress Highlights in 2024
-
Operationalising Zero Trust Architecture for applications and workloads, data and identity, endpoints and APIs
-
Adopting the NIST 2.0 Cyber Security Framework
-
Developing our Risk Quantification Concept Paper, which includes a structured methodology to predict the financial impact of cyber risks and support more informed decision-making
-
Migrating our 24/7 security monitoring and detection platform from an on-premises setup to a cloud solution
The Axiata Cyber Fusion Centre
In 2022, we launched the Axiata Cyber Fusion Centre (ACFC), a state-of-the-art facility that enhances our situational awareness in cyber security and promotes public-private partnerships to bolster cyber resilience in the region.
ACFC offers advanced support and protection for digital data, enabling modern threat monitoring and hunting to ensure business continuity. It has also paved the way for the launch of cutting-edge products – such as our award-winning, AI-powered threat attribution engine, HELIOS – which reinforce our leadership in cyber security.
