CSL 2025 Annual Report

CSL partners with third parties to evaluate the effectiveness of its cybersecurity program and extends its cybersecurity standards to applicable vendors and service providers. This includes assessing external partners against defined cybersecurity criteria to align with CSL’s security expectations.

Over the past year, CSL has made strategic investments to strengthen threat management, enhance its defensive posture, and accelerate response to cybersecurity incidents. However, emerging threats – especially those amplified by Artificial Intelligence (AI) – are increasing the complexity and scale of cyber attacks. To counter these threats, CSL will continue investing in advanced defenses, including AI‑enhanced threat detection and response, machine learning to disrupt adversarial tactics, and continuous updates to its cybersecurity protocols. Innovations such as self-healing networks, adaptive and contextual security measures, and predictive defenses will be critical to proactively managing evolving risks and addressing the dynamic nature of cyber threats.

Privacy

CSL has maintained a strong commitment to the responsible use of personal data entrusted to us by patients, donors, employees and other stakeholders. Key highlights and performance during the financial year include:

• New policies and practices: CSL maintains an enterprise‑wide data privacy policy as well as standards and procedures that guide the collection, maintenance and use of personal data, and considers global legal and regulatory requirements. Updates to these policies have included guidelines for the use of personal data and artificial intelligence to support the enterprise-wide focus on innovation and the use of AI. CSL has improved its digital data privacy processes to enhance the privacy rights of individuals.

• Data privacy issues addressed: Significant efforts were made this year to comply with new and changing data privacy regulations, such as those in Switzerland and China. Ongoing monitoring and assurance seek to verify that the business follows data privacy requirements and CSL’s policies and meets the standards of existing data privacy laws.

• Non-compliance or breaches: CSL follows a robust Privacy Incident and Data Breach Response Procedure in dealing with possible data privacy incidents. Privacy incidents are reported to an enterprise‑wide data privacy team for triage and assessment. Of the privacy incidents reported this year, four were substantiated as data privacy breaches that required reporting to data protection authorities or data subjects.

CSL’s dedication to data privacy is evident in the comprehensive measures taken to protect personal data and comply with regulatory standards.

Read more at CSL.COM/WE-ARE-CSL/CORPORATE-GOVERNANCE

CSL Limited Annual Report 2024/25
