Sustainability Report 2021

62 Introduction Customers Social Governance Appendix Environment Sustainability Report 2021 Cybersecurity The merger between TMB Bank and Thanachart Bank in 2021 has allowed the Bank to join the ranks of Thailand’s Domestic Systemically Important Banks or D-SIBs—an integral part of the nation’s critical infrastructure. This has propelled cybersecurity to the forefront of the Bank’s business priority, resulting in an overhaul of the current organizational structure with emphasis on information technology and security. Consequently, the previous role of Chief Technology and Operating Officer was then restructured into two positions: Chief Information Officer (CIO) and ChiefOperatingOfficer (COO). TheCIO position is designed to strengthen ttb’s position as a digital leader in the Thai banking industry by setting company direction, establishing informationtechnologyand information security strategies, and managing implementation oversight, whereas the COO focuses on enhancing the Bank’s operational excellence. Simultaneously, theHeadof Enterprise Architecture and Information Security Office, who directly reports to the President, was appointed to Chief Information Security Officer (CISO) by the Board of Directors. The CISO’s role in the organization is to set direction and strategy of the Bank’s cybersecurity, toestablishend-to-end security technologies and processes, and to minimize information security related risks. As cybersecurity is of paramount to the Bank, the segregation of duties is used to prevent error and fraud and to ensure the integrity and security of the Bank’s data and information systems. On a quarterly basis, thecybersecurityriskdashboard, which is a security configuration management system to ensure that all risks are within the Bank’s risk appetite, is presented to the IT Oversight Committee (board of directors-level) and the IT Non-Financial Risk Committee (management-level). 0 Total number of information security breaches or other cybersecurity incidents 0 Total number of data breaches 0 Total number of customers and employees affected by company's data breach 0 Total amount of fines/ penalties paid for information security breaches or other cybersecurity incidents