|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Risk management and strategy
BW LPG relies heavily on technology and systems to manage its operations, including fleet management, cargo tracking, crew management, vessel maintenance, telecommunications, human resources, and financial systems. Safeguarding these systems and the data they contain from unauthorised access, use, disclosure, disruption, modification, or destruction is a top priority for the Group.
BW LPG integrates its processes for identifying, assessing, and managing material risks from IT and cybersecurity threats into its Enterprise Risk Management (ERM) framework, which is based on ISO 31000 principles. This framework covers risks associated with third-party service providers, as well as IT-related internal risks. The ERM framework is supported by an IT risk management policy that establishes a systematic approach to identifying, assessing, and mitigating risks impacting the Group’s operations, assets, and reputation. The IT risk management policy applies to all employees and covers all IT-related activities, ensuring risks are documented, assessed for impact and likelihood, and prioritised for mitigation.
BW LPG relies on the BW Group’s cybersecurity risk management programme to assess and manage cybersecurity threats. This collaboration involves BW Group’s "Group IT" and "Fleet IT" divisions and is supported by a cybersecurity incident communication plan. Group IT provides Chief Information Security Officer (CISO) services and manages IT systems critical for financial reporting, while Fleet IT ensures vessel and operational technology cyber resilience. In addition, Group IT maintains a dedicated cybersecurity team to prevent, detect and respond to cyber attacks, utilising technologies to establish and maintain detection capabilities for new and emerging threats.
BW Group provides BW LPG with cybersecurity threat management services pursuant to a service level agreement (SLA) between BW LPG and BW Group, which was entered into on 10 December 2024. The SLA will remain valid until expressly modified or canceled by either party. For the purposes of the SLA, Group IT is treated as an external vendor, although BW Group benefits from shared group resources including communication platforms. BW LPG and Group IT also established a new SLA on 10 December 2024, detailing the respective roles and responsibilities of each party in the management of cybersecurity threats.
Both BW LPG and Group IT have established comprehensive policies and procedures, including an information security policy and incident management policy, built in accordance with standards such as those of the National Institute of Standards and Technology. They regularly review and amend these policies to identify and contain cybersecurity threats, employing both internal and external assessments and resources to ensure compliance and early detection of deviations.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
BW LPG integrates its processes for identifying, assessing, and managing material risks from IT and cybersecurity threats into its Enterprise Risk Management (ERM) framework, which is based on ISO 31000 principles. This framework covers risks associated with third-party service providers, as well as IT-related internal risks. The ERM framework is supported by an IT risk management policy that establishes a systematic approach to identifying, assessing, and mitigating risks impacting the Group’s operations, assets, and reputation. The IT risk management policy applies to all employees and covers all IT-related activities, ensuring risks are documented, assessed for impact and likelihood, and prioritised for mitigation.
BW LPG relies on the BW Group’s cybersecurity risk management programme to assess and manage cybersecurity threats. This collaboration involves BW Group’s "Group IT" and "Fleet IT" divisions and is supported by a cybersecurity incident communication plan. Group IT provides Chief Information Security Officer (CISO) services and manages IT systems critical for financial reporting, while Fleet IT ensures vessel and operational technology cyber resilience. In addition, Group IT maintains a dedicated cybersecurity team to prevent, detect and respond to cyber attacks, utilising technologies to establish and maintain detection capabilities for new and emerging threats.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|
As of the date of this annual report, there have been no cybersecurity events that have materially affected or were reasonably likely to materially affect the Group, including business strategy, results of operations, or financial condition, but we cannot provide assurance that the Group will not be materially affected in the future by such risks and any future material incidents.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
The Board of Directors provides oversight of the Group’s strategy and fulfils risk governance responsibilities, ensuring Group’s management achieves strategic and business objectives. The Board of Directors is updated at least annually on top risks, including cybersecurity.
|Cybersecurity Risk Role of Management [Text Block]
|Senior Management identifies emerging risks, prioritises them, and allocates resources for risk treatments. Heads of Department are responsible for identifying risks within their areas, maintaining internal controls, and advising Senior Management on risks that cannot be managed operationally.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|This process is initiated by the CISO, who, pursuant to the terms of the SLA, will evaluate and present their results to a BW LPG cyber focus group. This group will be led by the CFO and supported by the Head of IT.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The CISO has a certification from Carnegie Mellon University and is also certified by the Software Engineering Institute, which is a federally funded research and development center focused specifically on software-related security and engineering. The CISO has over 20 years’ experience in IT and technology leadership roles.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Key emerging cyber incidents will be escalated to Senior Management or the Board via the Cyber incident reporting process. This was established to expedite identification, evaluation, escalation, remediation, and reporting of material cyber events should they occur. This process is initiated by the CISO, who, pursuant to the terms of the SLA, will evaluate and present their results to a BW LPG cyber focus group. This group will be led by the CFO and supported by the Head of IT. The CFO will determine what additional reporting is required depending on the nature of the incident, whether to all of Senior Management, the Board, and/or to the relevant regulatory bodies.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef