
Cyber Security and Data Privacy


KBank’s organizational structure aims to effectively supervise IT and data security management. The focus is on segregation of risk prevention duties, as follows: the 1st Line of Defense, which comprises operating units of all departments; the 2nd Line of Defense, which comprises units tasked with risk management; and the 3rd Line of Defense, which comprises units tasked with auditing, in accordance with the Three Lines of Defense guideline. In addition, indicators regarding cyber risk incidents, including number of incidents and duration of management, have been set as one of the main targets for assessing KBank’s operational efficiency.

The Board of Directors has approved relevant strategies and policies to maintain and promote data security, namely the Information Technology and Security Policy and the IT and Third Party Risk Management Policy, accounting for data security of customers, employees and all other stakeholders, the Bank’s system security and the ever-evolving behavior of financial service users. KBank has developed a roadmap for a cybersecurity risk control system to achieve our objectives. The plan focuses on risk control in terms of prevention, detection, and response, covering all business processes and critical systems of the Bank. It also includes measures to cope with complaints or loss incidents related to cyber threats. This will help to ensure the stability of the Bank’s financial IT system and the Thai financial landscape, for now and in the future.

KBank has improved operational systems, technologies and innovations together with our personnel potential, while also stepping up preventive measures to cope with cyber threats across all dimensions, including prevention, monitoring and detection, response and remedies in order to enhance consumer confidence towards KBank services. Such operations are as follows:


Customer Privacy Protection in Conformity with Good Governance Principles 
  1. Establishing the Data Governance Sub-committee to ensure maximum efficiency and security of information management systems, and to undertake organizational restructuring for greater efficiency of data management.
  2. Implementing policies and operational procedures related to information management and data security throughout the entire financial conglomerate and counterparty management. All divisions must comply with these policies and operational procedures so as to minimize risks incurred from adverse events. If personal data breaches, or violations of or non-compliance with the Personal Data Protection Policy, are detected, KBank may take disciplinary action as deemed appropriate.
  3. Establishing policies, work processes and systems in conformity with the Personal Data Protection Act. Progress has been reported to the Bank’s top management on a regular basis.
  4. Ensuring that all employees understand the Personal Data Protection Act and related policies and practices.
  5. Reviewing and updating policies and operational procedures regularly.
  6. Formulating operational guidelines to cope with adverse events, covering data analysis, assessment of severity, event suppression, remedies and recoveries, as well as notification to customers and stakeholders concerned.
  7. Arranging for the annual audit of work performance in conformity with KBank policies by internal audit units. 

Read more in KBank's Sustainability Report 2024 Chapter Cyber Security and Data Privacy



Document
Personal Data Protection Policy Notice
Personal Data Protection for Shareholders’ Meeting
Personal Data Protection Policy Notice of Applicants and Personnel
Cybersecurity and Data Privacy

