Cyber Security and Digitalisation | PETRONAS Chemicals Group Berhad (PCG)

Why It Matters

Cybercrime is escalating due to increased global connectivity and reliance on digital services. As PCG expands its digital capabilities, the risk of cybersecurity breaches grows—posing potential legal, financial, and reputational threats. With attacks becoming more sophisticated, it is our corporate responsibility to safeguard operations and protect stakeholders from malicious cyber threats.

Our Approach

Our cybersecurity strategy is anchored in the PETRONAS Enterprise Cyber Security Governance Framework (ECSGF), which is aligned with globally recognised standards such as ISO 27001, NIST 2.0, and IEC 62443. This ensures robust protection across both Information Technology (IT) and Operational Technology (OT) environments, defending against evolving cyber threats in real time.

Education is a cornerstone of our approach. We empower our workforce through structured Human Firewall Campaigns and continuous cybersecurity learning, helping employees detect and report threats from basic phishing scams to sophisticated attacks, including those involving Generative AI (GenAI).

We actively monitor cyber threats, conduct vulnerability assessments, and implement preventive measures to safeguard our systems and data. Oversight is provided by the Digital Steering Committee, while strategic direction and risk management are governed at the highest level by the Board Sustainability and Risk Committee, which reviews and endorses the Group’s risk profile.

How We Provide Value

We use Asset Performance Management (APM) to monitor, maintain, and optimise physical assets, enhancing reliability, efficiency, and overall plant performance.
Plant Operations Integrated Tools (POINT)in used to support PCG’s Operate Facility Work Process (OFWP) by streamlining operator task management, shift logs, staffing, and fatigue monitoring.
We use Plant-Facing Analytics (PFA) to improve equipment reliability through data-driven insights and predictive analytics.

PCG adopts a multi-layered approach to cybersecurity, ensuring resilience across both IT and OT domains.
We continuously implement our Cybersecurity Risk Management (CRA) framework to safeguard our organisation against evolving cyber threats.
Through the Cybersecurity Strategy Deployment Programme (CSSDP), we strengthen cyber resilience and protect digital assets and data across our operations.
To build a cyber-aware culture, we conduct regular phishing simulations to educate employees, reinforce vigilance, and reduce susceptibility to scams.