Cybersecurity and Data Protection

The Group aims to establish a robust security standard that encompasses prevention, detection, response, and recovery from all forms of cyber threats.

The Group continuously improves the cybersecurity and data protection, both in the infrastructure, network systems, personnel, and data security policies. Implementation is aligned with international standards and legal requirements. The Group places emphasis on building stakeholder trust while fostering a culture of cybersecurity awareness organization-wide.

Year	Goals
2024	100%
2023	100%
2022	100%

Charoen Pokphand Group's Cybersecurity and Data Protection actions support the achievement of two Sustainable Development Goals:

Stakeholders Directly Impacted

Charoen Pokphand Group performs stakeholder assessment and prioritization process on an annual basis to evaluate impacts we have on them and how can they influence our strategies and actions over time. In 2024, the evaluation results showed that our action to protect all data, both corporate, suppliers, and customers, directly creates impacts on four stakeholder groups.

Business Partners

Employees and Families

Shareholders and Investors

Customers and Consumers

More Details on Stakeholder Engagement Supplement 2024

IT infrastructure certified with international IT standards

case

of complaints related to data security and cyber attack

Number of Cybersecurity Incidents that were Reported within the Standard Response Time

persons

Number of employees received training in the topic of personal data safety

Information Security Policy and Guidelines

Information Management Policy and Guidelines

Personal Data Protection Policy and Guidelines

Cybersecurity and Data Protection Management Approach

Charoen Pokphand Group's management approach to cybersecurity and data protection is rooted in a proactive, holistic, and risk-based strategy that prioritizes the protection of sensitive information across all its business operations and subsidiaries. Recognizing the rapidly evolving landscape of cyber threats, the Group places strong emphasis on continuous improvement and innovation in its security protocols. It adopts a forward-thinking mindset, anticipating emerging digital threats and adapting its defenses accordingly.

At the core of this approach is a comprehensive security vulnerability analysis framework, which enables the Group to identify, assess, and remediate potential weaknesses across IT infrastructure, applications, user behavior, and third-party access points. The Group conducts periodic vulnerability assessments and penetration testing, both internally and via third-party experts, to uncover exploitable system flaws before they can be used maliciously. Findings are used to prioritize mitigation strategies, informed by impact severity and likelihood of exploitation.

This analysis is integrated into a broader risk management system, which incorporates technological, human, and external threat factors. By understanding where vulnerabilities lie—from outdated software and misconfigured systems to phishing susceptibility and supply chain risks—the Group is able to implement multi-layered defense mechanisms tailored to its risk landscape.

To strengthen its organizational resilience, the Group also fosters a culture of cybersecurity awareness and shared responsibility. Employees, contractors, and suppliers are regularly trained on phishing prevention, password hygiene, and incident reporting through e-learning modules, workshops, and simulated attacks. This human-centric approach reduces exposure to social engineering and insider threats.

Furthermore, Charoen Pokphand Group actively collaborates with regulatory authorities, cybersecurity alliances, and threat intelligence communities, both domestically and internationally. By engaging in industry-wide knowledge exchange and supporting the development of sectoral security standards, the Group not only strengthens its own cyber posture but also contributes to the resilience of the broader business ecosystem.

Click to Enlarge

Cybersecurity and Data Protection Governance

In today’s digital world, protecting organizational data and safeguarding stakeholder privacy is of utmost importance. Charoen Pokphand Group is committed to strong cybersecurity governance and data protection by implementing robust security measures to safeguard sensitive information while cultivating a culture of responsible data management.

To support this commitment, Charoen Pokphand Group has established the Cyber and Information Security Committee, chaired by Mr. Suphachai Chearavanont, Chief Executive Officer of Charoen Pokphand Group. He possesses strong knowledge, expertise, and experience in cyber and information security, such as serving as Chairman of the Risk Management, Cybersecurity, and Financial Committees at True Corporation Public Company Limited. Mr. Suphachai has a deep understanding of digital technology and plays a key role in driving the Group’s transition into the digital era.

Over the past several years, the Cybersecurity and Information Security Committee has integrated advanced cybersecurity principles with data privacy protection measures to ensure secure operations and stringent protection of customer data. The Committee is composed of executives from various departments with specialized knowledge and skills in information security and cybersecurity.

Cybersecurity and Information Security Committee Structure

Click to Enlarge

Role and Responsibilities

Screen and review strategies
Screen and review policies and practices
Screen and review key performance indicators
Approve cybersecurity action plans and projects
Oversee cybersecurity incident management
Oversee the adequacy of cybersecurity preparedness
Provide direction for cybersecurity enhancement
Review operational effectiveness
Encourage communication and information exchange to enhance cybersecurity awareness
Report performance to relevant committees