Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cyber-attacks are acknowledged to be a growing threat across all industries. There is likely to be an increased risk of information security or cybersecurity incidents, including cyber-attacks as a result of increased global tensions. The Group has adopted a holistic strategy which seeks to protect our data, people, products, and customers through a combination of people, processes, and technology. We are investing in additional technologies and engage third-party expertise for added support. Our dedicated cybersecurity team is led by a CISSP-certified Chief Information Security Officer (CISO) with over 25 years of experience.

We manage the risk of evolving threats through proactive measures and continuous updates to our defences. Our hybrid security strategy covers potential entry points, including networks, systems, applications, and devices, which aims to ensure protection for the Group and create a resilient defence against cyber threats.

The CISO actively participates in Audit Committee and Executive Committee meetings. They are also responsible for offering updates and oversight on the information and cybersecurity strategy and reporting material cybersecurity risks and mitigation strategies to the Board and its subcommittees. Additionally, the CISO chairs a subcommittee comprised of business stakeholders, including, but not limited to legal, compliance, finance, internal audit, risk management and human resources. The committee has overall approval and sign-off of security and privacy policies, which allows for focused discussions and strategy alignment for both security and privacy. The committee provides necessary updates to the Board where required.

The Group’s cybersecurity risk management processes, which include assessment, documentation and treatment, have been integrated into our overall enterprise risk management system. This is achieved through both the top-down process driven by our Executive Committee which have identified Cybersecurity as one of our principal risks as well as the bottom-up IT risk register maintained by members of the cybersecurity team (refer to page 79 for additional detail on the Group’s risk management process). Further, the cybersecurity function has defined processes for handling information security and cybersecurity incidents, incorporating analysis and prioritisation mechanisms aligned with enterprise risk management. During an incident, the information security team continuously monitors and assesses the impact on the organisation. Predefined thresholds trigger the formation of a subcommittee, bringing together a cross-functional team which includes information security, information technology, legal, compliance and communications expertise. This subcommittee manages the assessment of materiality, invocation of crisis management, Executive Committee and Board engagement, and assessment of requirements for regulatory notifications.

Robust governance practices are in place across the information security and cyber function, including an assessment of suppliers’ and vendors’ security and compliance posture prior to the onboarding and activation of any service. Active monitoring of third-party providers is implemented on a 24x7 basis, by utilising a dedicated service via a market-leading third party, reducing the risk of supply chain attacks.

The information and cybersecurity function conducts an annual mandatory information security awareness training programme for Group employees, covering topics such as physical security, email security, data privacy, ransomware guidance, phishing and general online safety.

While the Group strives for effective governance and measures, there is no assurance against future interruptions that could potentially disrupt business operations, divert staff resources and attention and materially adversely affect the organisation’s performance. Throughout 2024, there were no cybersecurity incidents identified which materially affected or are reasonably likely to materially affect the Group’s business strategy, results of operations or financial condition and no incidents have been reported to regulatory authorities during this period.

Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] The Group’s cybersecurity risk management processes, which include assessment, documentation and treatment, have been integrated into our overall enterprise risk management system. This is achieved through both the top-down process driven by our Executive Committee which have identified Cybersecurity as one of our principal risks as well as the bottom-up IT risk register maintained by members of the cybersecurity team (refer to page 79 for additional detail on the Group’s risk management process). Further, the cybersecurity function has defined processes for handling information security and cybersecurity incidents, incorporating analysis and prioritisation mechanisms aligned with enterprise risk management. During an incident, the information security team continuously monitors and assesses the impact on the organisation. Predefined thresholds trigger the formation of a subcommittee, bringing together a cross-functional team which includes information security, information technology, legal, compliance and communications expertise. This subcommittee manages the assessment of materiality, invocation of crisis management, Executive Committee and Board engagement, and assessment of requirements for regulatory notifications.

Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

The CISO actively participates in Audit Committee and Executive Committee meetings. They are also responsible for offering updates and oversight on the information and cybersecurity strategy and reporting material cybersecurity risks and mitigation strategies to the Board and its subcommittees. Additionally, the CISO chairs a subcommittee comprised of business stakeholders, including, but not limited to legal, compliance, finance, internal audit, risk management and human resources. The committee has overall approval and sign-off of security and privacy policies, which allows for focused discussions and strategy alignment for both security and privacy. The committee provides necessary updates to the Board where required.

The Group’s cybersecurity risk management processes, which include assessment, documentation and treatment, have been integrated into our overall enterprise risk management system. This is achieved through both the top-down process driven by our Executive Committee which have identified Cybersecurity as one of our principal risks as well as the bottom-up IT risk register maintained by members of the cybersecurity team (refer to page 79 for additional detail on the Group’s risk management process). Further, the cybersecurity function has defined processes for handling information security and cybersecurity incidents, incorporating analysis and prioritisation mechanisms aligned with enterprise risk management. During an incident, the information security team continuously monitors and assesses the impact on the organisation. Predefined thresholds trigger the formation of a subcommittee, bringing together a cross-functional team which includes information security, information technology, legal, compliance and communications expertise. This subcommittee manages the assessment of materiality, invocation of crisis management, Executive Committee and Board engagement, and assessment of requirements for regulatory notifications.

In the event of a major cybersecurity incident, including those with a material impact on the Group, the CISO, supported by internal and/or external legal advisers and other third-party specialist advisers as appropriate, co-ordinates the engagement on the cyber incident response with the executive and crisis management teams. The CISO is also a key member of the crisis management team who supports on co-ordinating and communicating with the Board.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Executive Committee
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

The CISO actively participates in Audit Committee and Executive Committee meetings. They are also responsible for offering updates and oversight on the information and cybersecurity strategy and reporting material cybersecurity risks and mitigation strategies to the Board and its subcommittees. Additionally, the CISO chairs a subcommittee comprised of business stakeholders, including, but not limited to legal, compliance, finance, internal audit, risk management and human resources. The committee has overall approval and sign-off of security and privacy policies, which allows for focused discussions and strategy alignment for both security and privacy. The committee provides necessary updates to the Board where required.

The Group’s cybersecurity risk management processes, which include assessment, documentation and treatment, have been integrated into our overall enterprise risk management system. This is achieved through both the top-down process driven by our Executive Committee which have identified Cybersecurity as one of our principal risks as well as the bottom-up IT risk register maintained by members of the cybersecurity team (refer to page 79 for additional detail on the Group’s risk management process). Further, the cybersecurity function has defined processes for handling information security and cybersecurity incidents, incorporating analysis and prioritisation mechanisms aligned with enterprise risk management. During an incident, the information security team continuously monitors and assesses the impact on the organisation. Predefined thresholds trigger the formation of a subcommittee, bringing together a cross-functional team which includes information security, information technology, legal, compliance and communications expertise. This subcommittee manages the assessment of materiality, invocation of crisis management, Executive Committee and Board engagement, and assessment of requirements for regulatory notifications.

In the event of a major cybersecurity incident, including those with a material impact on the Group, the CISO, supported by internal and/or external legal advisers and other third-party specialist advisers as appropriate, co-ordinates the engagement on the cyber incident response with the executive and crisis management teams. The CISO is also a key member of the crisis management team who supports on co-ordinating and communicating with the Board.

Cybersecurity Risk Role of Management [Text Block] The CISO actively participates in Audit Committee and Executive Committee meetings. They are also responsible for offering updates and oversight on the information and cybersecurity strategy and reporting material cybersecurity risks and mitigation strategies to the Board and its subcommittees. Additionally, the CISO chairs a subcommittee comprised of business stakeholders, including, but not limited to legal, compliance, finance, internal audit, risk management and human resources. The committee has overall approval and sign-off of security and privacy policies, which allows for focused discussions and strategy alignment for both security and privacy. The committee provides necessary updates to the Board where required.

The Group’s cybersecurity risk management processes, which include assessment, documentation and treatment, have been integrated into our overall enterprise risk management system. This is achieved through both the top-down process driven by our Executive Committee which have identified Cybersecurity as one of our principal risks as well as the bottom-up IT risk register maintained by members of the cybersecurity team (refer to page 79 for additional detail on the Group’s risk management process). Further, the cybersecurity function has defined processes for handling information security and cybersecurity incidents, incorporating analysis and prioritisation mechanisms aligned with enterprise risk management. During an incident, the information security team continuously monitors and assesses the impact on the organisation. Predefined thresholds trigger the formation of a subcommittee, bringing together a cross-functional team which includes information security, information technology, legal, compliance and communications expertise. This subcommittee manages the assessment of materiality, invocation of crisis management, Executive Committee and Board engagement, and assessment of requirements for regulatory notifications.

In the event of a major cybersecurity incident, including those with a material impact on the Group, the CISO, supported by internal and/or external legal advisers and other third-party specialist advisers as appropriate, co-ordinates the engagement on the cyber incident response with the executive and crisis management teams. The CISO is also a key member of the crisis management team who supports on co-ordinating and communicating with the Board.

Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] a subcommittee comprised of business stakeholders, including, but not limited to legal, compliance, finance, internal audit, risk management and human resources.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our dedicated cybersecurity team is led by a CISSP-certified Chief Information Security Officer (CISO) with over 25 years of experience.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Further, the cybersecurity function has defined processes for handling information security and cybersecurity incidents, incorporating analysis and prioritisation mechanisms aligned with enterprise risk management. During an incident, the information security team continuously monitors and assesses the impact on the organisation. Predefined thresholds trigger the formation of a subcommittee, bringing together a cross-functional team which includes information security, information technology, legal, compliance and communications expertise. This subcommittee manages the assessment of materiality, invocation of crisis management, Executive Committee and Board engagement, and assessment of requirements for regulatory notifications. In the event of a major cybersecurity incident, including those with a material impact on the Group, the CISO, supported by internal and/or external legal advisers and other third-party specialist advisers as appropriate, co-ordinates the engagement on the cyber incident response with the executive and crisis management teams. The CISO is also a key member of the crisis management team who supports on co-ordinating and communicating with the Board.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true