Cybersecurity Culture Implementation

Chunghwa Telecom is convinced that implementation of corporate cybersecurity and privacy information security is not only the responsibility for the cybersecurity team and the management but also that of each and every one in the Company. Therefore, Chunghwa Telecom is committed to cultivation of a cybersecurity culture. Apart from stipulation, maintenance, and execution of the internal cybersecurity policies, it also embeds cybersecurity in corporate operation and identifies performance of cyber/network security behaviors as one of the indicators for employee performance appraisal.

Through cybersecurity education and promotion, CHT regularly conducts product security and risk assessments as well as evaluation of cybersecurity performance. As such, it effectively strengthens all employees’ knowledge and emphasis on cybersecurity, cultivating employees’ accountability on cybersecurity. Also, through tests like infiltration tests, vulnerabilities scanning, and social engineering emails, CHT seeks to embed the cybersecurity awareness into the corporate culture to warrant personal and consumer data protection.

Comprehensive Cybersecurity Training

As a professional cybersecurity solutions provider, Chunghwa Telecom has invested a plethora of resources for years to cultivate brilliant cybersecurity talents and keep cybersecurity R&D teams over 100 people. We regularly organize trainings in “cybersecurity and privacy protection,” demanding all employees 100% completion of the trainings, which covers contractors (including outsourced personnel and personnel of subsidiaries stationed at the Company for service) as well.

In addition, we have designed advanced training courses for managers of different levels as well as fields of system management, network management, software and application development, and cybersecurity management to improve the knowledge and skills in cybersecurity and privacy protection, so that all personnel can incorporate Security by Design for cybersecurity and privacy protection at the early stage of development. Also, subsidies are available for employees in terms of fees arising from external professional certifications.

• 196 sessions of cybersecurity and privacy protection education or trainings with 252,942 hours in total were organized and accessed by 55,323 participants in 2023.
• Two email social engineering exercise will be conducted every annually. The false click rate was merely at 0.27% in 2023. It effectively improved the knowledge of APT attacks as well as strengthened employees’ cybersecurity capabilities and enhanced the employees’ cybersecurity awareness.
• As of 2023, over 890 international cybersecurity certificates have been obtained by employees of Chunghwa Telecom, including ISO27001 LA、CISSP、GWAPT、CEH、CHFI、ECSA、CISA、MCSA、BS10012 LA, etc.

Cybersecurity Results of the Year

The performance of cybersecurity and privacy risk management has been incorporated into the monthly tracking by the Risk Management Committee for management. Any material risk issue will be submitted to the Audit Committee or directly reported to the Board of Directors.

Under the management via the rigorous mechanisms, there was no business impact or penalty arising from cybersecurity or privacy breach as of 2023. Meanwhile, “Cybersecurity Insurance - Data Protection Insurance” has been purchased to protect the rights of customers and investors.