Information Security is a cornerstone of CIMB's risk management, as well as fraud and crime prevention programmes. CIMB has continuously improved efforts on assessment, monitoring, and strengthening of cybersecurity protection and access controls. Cybersecurity is a key component of technological risk, which is managed under the Enterprise-wide Risk Management Framework.
CIMB's cybersecurity processes, technology, and manpower are benchmarked against the best in the industry. We adhere to Financial Services Industry Best Security Standards, as well as local regulatory and procedural requirements. This also extends to the suite of policies that articulate our approach to security, including the Group Technology Risk Management Framework and the Group IT Security Policy, developed and certified in alignment with the US National Institute of Standards and Technology (NIST) Cybersecurity Framework and ISO 27001.
We are members of the Bank Negara Malaysia Financial Threat Intelligence Platform (FIN-TIP), BNM Cyber Working Group (CWG) and the Financial Services Information Sharing and Analysis Center (FS-ISAC), a global cyber-intelligence sharing community focused on financial services.
Board Responsibility
Mr Chu Hong Keong, an Independent Director, provides oversight on CIMB’s cybersecurity strategy as a member of the Banking Group Board Risk and Compliance Committee. He has over 30 years of experience and expertise in banking technology and operations, e-business, strategic and digital transformation and risk/fraud management.
Executive Management Responsibility
The Chief Information Security Officer has oversight of technology and cybersecurity risks, and regularly reports to the Group Chief Risk Officer. The Data Protection Office serves as an advisor on the Privacy Principle of Security and as the liaison with the privacy/data protection regulators in the respective countries.