Emerging technology developments have increased the flexibility and diversity of access to information and made it more difficult to protect against cybercrime incidents (such as ransomware, credential stuffing, and so on). Information security and personal data protection are facing serious challenges. The Bank has continued to strengthen its information security protection capabilities and emergency response resilience, comply with internal and external specifications, improve internal information security and personal data protection awareness. The Bank has appointed the Chief Information Security Officer to lead the promotion of information security policy and resource allocation, and shape the complete security protection mechanism from the inside out. The above actions not only performed duty of care by a good enterprise, protected customer rights and interests and safe operation, but also prevented the operation service interruption, information security incidents, or personal data security incidents that may result in financial losses and reputational damage.