Annual Report 2025

Sunny Optical Technology (Group) Company Limited • ANNUAL REPORT 2025 110 Corporate Governance Report 企業管治報告 Group’s principal risks 本集團主要風險 Key controls and treatment plan(s) 主要控制及處理方案 Target risk trend 目標風險趨向 Network attack risks: 網絡攻擊風險： – Network attacks such as malware, phishing, exploits, and targeted threat attacks may cause system downtime and affect the Company’s production and operations. － 惡意軟件、網絡釣魚、漏洞利用、定向威脅攻擊等網 絡攻擊，可能造成系統宕機，影響本公司生產運營。 – Optimizing the security situation awareness platform to enhance the capability to detect and analyze intrusion threats, ensuring security incidents are visible, controllable, and traceable; － 優化安全態勢感知平台，提升對入侵威脅的發現、分析能力， 實現安全事件的可視、可控、可追溯； – Developing SOAR (Security Orchestration, Automation and Response) automation capabilities to streamline threat management processes, improving security response efficiency, and achieving automated network security response and disposal; － 建設 SOAR 自動化編排能力，簡化威脅管理流程，提升安全響應 效率，實現網絡安全的自動化響應處置； – Strengthening network security control strategies, promoting data center security and cloud security construction, optimizing network security control strategies, and enhancing the Group’s overall risk prevention capability; － 強化網絡安全管控策略，推進數據中心安全與雲安全建設，優 化網絡安全管控策略，提升本集團整體風險防範能力； – Advancing production network security reinforcement, gradually implementing anti-virus remediation to reduce virus infection rates, and building a strong security defense line for the production environment; － 推進生產網絡安全加固，逐步開展防病毒整治，降低病毒感染 率，築牢生產環境的安全防線； – Implementing IT supply chain security management, conducting comprehensive IT supply chain security assessments, identifying potential risks and vulnerabilities, promoting remediation, and reducing risks introduced by external attacks at the source; － 開展 IT 供應鏈安全管理，開展全範圍的 IT 供應鏈安全評估，識別 潛在風險與漏洞並推動修復，從源頭減少外部攻擊引入的風險；