Annual Report 2024

Corporate Governance Report 企業管治報告 89 舜宇光學科技（集團）有限公司 • 2024 年報 Group’s principal risks 本集團主要風險 Key controls and treatment plan(s) 主要控制及處理方案 Target risk trend 目標風險趨向 Data Breach Risks: 數據泄露風險： – Data leakage due to technical vulnerabilities, personnel operational errors, external malicious attacks and management defects may cause financial and reputational losses for the Company, and thus create legal risks and commercial competitive disadvantages. － 因技術漏洞、人員操作失誤、外部惡意攻擊及管理缺 陷等導致數據泄露，可能造成本公司財務及聲譽損 失，並因此產生法律風險和商業競爭劣勢。 – Continuously optimizing of information security measures, adopting data transmission encryption, data leakage prevention system and other technologies for effective prevention; － 持續優化信息安全措施，應用數據傳輸加密、數據防泄漏系統 等技術進行有效防範； – Actively creating an information security culture atmosphere and improving the information security awareness of all staff; and － 積極營造信息安全文化氛圍，提高全員信息安全意識；及 – Regularly auditing the implementation of information security policies, and constantly optimizing the information security system. － 定期稽查信息安全策略執行情況，不斷優化信息安全體系。 Network attack risks: 網絡攻擊風險： – Network attacks such as malware, phishing, exploits, and targeted threat attacks may cause system downtime and affect the Company’s production and operations. － 惡意軟件、網絡釣魚、漏洞利用、定向威脅攻擊等網 絡攻擊，可能造成系統宕機，影響本公司生產運營。 – Establishing data backup and disaster recovery plan to ensure quick recovery of system data; － 建立數據備份及災難恢復計劃，確保快速復原系統數據； – Strengthening network security technology defense, narrowing network exposure, using energy perception platform, and integrating security data; and － 加強網絡安全技術防禦，縮小網絡暴露面，利用能態感知平 台，整合安全數據；及 – Using big data analysis to identify attack traffic in a timely manner, introducing threat intelligence and security orchestration, automation and response systems to achieve automatic response and timely early warning of cyber attacks, and improving the Company’s overall security defense capabilities. － 藉助大數據分析，及時識別攻擊流量。引入威脅情報及安全編 排、自動化和響應系統，實現對網絡攻擊的自動響應和及時預 警，提升本公司整體安全防禦能力。