To ensure the confidentiality, integrity, and availability of WT information assets, as well as to comply with relevant laws and regulations and mitigate operational risks caused by internal and external threats, an information security policy has been established based on business needs. This policy applies to WT and its subsidiaries that are 100% directly or indirectly owned, controlled, or provide sales and services for the group. It also applies to all personnel within these organizations, including outsourced service providers, interns, and visitors. Information security clauses are incorporated into external contracts accordingly. 
Establishing a dedicated department to strengthen information security management
According to the World Economic Forum (WEF) Global Risks Report 2024, “misinformation and disinformation” rank as the number one global risk over the next two years and fifth over the next ten years. The widespread dissemination of false information makes it difficult for individuals and organizations to make accurate decisions and may increase the cost of verifying information. Meanwhile, “cyber insecurity” ranks fourth and eighth over the next two and ten years, respectively. Increasingly complex cyber espionage and cybercrime activities, such as loss of privacy, data fraud, or data theft, pose significant threats. A failure in information security defenses could lead to data breaches and ransomware attacks, or in more severe cases, disruptions to core systems that result in major operational losses and reputational damage.
In view of the growing importance of information security and the proliferation of cyber-attacks, WT Information Security Department is overseen by a Vice-President-level Chief Information Security Officer (CISO). The department is staffed with two dedicated managers and five full-time specialists. Their responsibilities, including security-risk management, incident investigation, vulnerability disclosure, and the assessment and implementation of security architectures, were reported to the Board of Directors on 5 November 2024.
During 2024, no major information security incidents involving the leakage of sensitive data or interruptions to information services occurred, and no financial losses were incurred by customers or suppliers because of security events.
To continually enhance professional capabilities in information security, the company uses the acquisition of security certifications as a performance-review mechanism.In 2024, the team earned four internationally recognized credentials – CCSP, Google CyberSecurity, CEH, and intermediate-level iPAS, covering cloud security, penetration testing, and auditing.In addition to its existing memberships in cooperative defense groups such as the Taiwan CERT/CSIRT Alliance and the Taiwan Chief Information Security Officer Alliance, the company joined the Information Service Industry Association of the R.O.C. (CISA) to share intelligence on security trends and threats, thereby strengthening its joint-defense ecosystem.
Ongoing enhancement of employee cyber-security awareness 
As traditional perimeter defenses lose effectiveness, employee awareness has become pivotal to cyber-security management. Since 2021, WT has conducted monthly social-engineering drills using random phishing templates. Employees who click on suspicious links undergo retraining and their immediate supervisors are notified; results are regularly tracked to reduce awareness-related threats. Beginning in 2024, the scope of our security-awareness training and phishing-simulation exercises was expanded to cover employees from both Excelpoint and Future Electronics.
Awareness Initiative-2024 Results




∙ Security-Awareness Training ⎯ 




Following recent acquisitions, group-wide training began in September 2024. Of 7,476 employees required to attend (136 on unpaid leave, parental leave, or resigned), 6,945 completed the course and passed the test – a 92.8 % completion rate.


∙ Social-Engineering Drills ⎯ 


278,037 phishing e-mails sent; click-through rate 0.7 %, outperforming the 5 % industry average.


∙ Advanced Professional Training ⎯ 


One intensive session delivered to core-system personnel and managers.




Strengthening the security framework to build corporate resilience 
Guided by ISO 27001 and the NIST Cybersecurity Framework, WT applies defense-in-depth and secure-by-design principles across eight layers: governance, data, endpoints, applications, networks, third-party supply, business continuity & incident response, and threat intelligence & joint defense. Residual risks are continuously monitored. External ISO 27001 audits and red-team exercises validate our controls. WT holds ISO/IEC 27001:2013 and CNS 27001:2014 certificates, valid through 2025. Key 2024 actions mapped to the NIST CSF 2.0 functions are:



Govern
Regular security steering meetings brief executives on strategic goal attainment and variance analysis, ensuring alignment between cyber security and business objectives. 


Identify
Enhanced governance and policies; deployed an asset-inventory system and vulnerability scans; evaluated an external risk-management platform for threat identification and analysis. 


Protect
Classified information assets into Tiers 1-3 by sensitivity; enforced network segregation, access controls, endpoint hardening and behavioral monitoring. 


Detect
Implemented a new Endpoint Detection and Response (EDR) solution integrated with Security Information and Event Management (SIEM) and User & Entity Behavior Analytics (UEBA); big-data analytics establish behavioral baselines and accelerate anomaly detection. 


Respond
 According to the incident response plan, suspicious anomalies are analyzed and assessed; once an event is verified as genuine, it is classified and handled based on its scope of impact, and the appropriate notification is issued in line with the assigned severity level. To strengthen the physical security and continuous monitoring of the data center, a digital evidence-collection mechanism has been implemented. 


Recover
To reinforce the organization’s cyber-resilience and ensure that product and service delivery are not disrupted by “black-swan” or “grey-rhino” incidents, we are closing the last mile of data protection. In addition to adhering to the 3-2-1 backup principle (three copies, two different media, and one off-site location), we have also adopted an offline-media backup solution to further shorten recovery time in the event of a cybersecurity incident.



Strengthening cyber-security governance and network protection 
WT follows a “defense-in-depth” and “security-by-design” approach. Guided by Continuous Threat Exposure Management (CTEM), we proactively identify assets with vulnerable attack paths and apply risk-management controls to reduce both the likelihood and impact of incidents. Our 2024 cyber-security controls include the following:


Threat Intelligence / Inspection
• Daily collection and analysis of domestic & international cyber-security news, open-source intelligence (OSINT), and vendor / ISAC advisories.

• Annual third-party penetration tests or red-team exercises. 


Endpoints
• Deployment of Endpoint Detection & Response (EDR) on PCs and servers with regular updates and real-time analytics.

• Activation of behavioral-analysis modules and adoption of Managed Detection & Response (MDR) services. 


Data
• Encryption of sensitive data in transit and at rest.

• Annual in-house processing of retired information assets to ensure media are unreadable.

• Engagement of external specialists for de-magnetisation and physical destruction of retired assets, followed by disposal at government-accredited recyclers under escorted, fully logged procedures.


Applications
• Weekly vulnerability scanning with risk-based patch prioritisation and scheduled patch management.

• Implementation of Multi-Factor Authentication (MFA) and regular weak-password checks per NIST 800-63B.

• Use of FIDO2 hardware keys for critical cloud services to mitigate credential theft and brute-force attacks.


Network
• Deployment of next-generation firewalls (NGFWs) featuring application awareness, Intrusion Prevention (IPS) and Advanced Threat Protection (ATP).

• Identity-aware segmentation that separates employee and visitor access paths.

• Enhanced email security with advanced threat-protection modules to improve content analysis.


Addressing customers’ cyber-security concerns
WT’s transactions throughout the supply chain rely heavily on IT systems and online platforms. Customers and original-equipment suppliers regularly evaluate us through cyber-security self-assessment questionnaires and hold ad-hoc discussions on specific security topics. To meet customer requirements, third-party security service providers engaged by the customers carry out host vulnerability scanning and penetration testing to safeguard supply-chain information security.



Sources of Cyber-Security Information


1. Customers
5. Cyber-security service providers


2. Original-equipment suppliers
6. Cyber-security news outlets or specialist websites


3. Cyber-security information-sharing alliances / ISACs
7. Zero-day exploit intelligence and similar alerts


4. IT hardware & software vendors
8. External risk-management platforms



 
Business continuity and emergency response  
24/7 cybersecurity monitoring without interruption
WT has established a dedicated cybersecurity email inbox to receive diverse external threat intelligence, using it to reinforce internal safeguards. The company has also entered into managed-service agreements with third-party providers for a Security Operation Center (SOC) and Managed Detection and Response (MDR). This always-on, 24 × 7 mechanism enables continuous, real-time monitoring of cybersecurity threats.
Regular cybersecurity-incident drills to ensure the fastest possible recovery
To strengthen corporate resilience and maintain high availability of information systems, WT carries out at least one test and drill each year under the Cybersecurity Management System’s Business Continuity Plan. The exercise simulates a primary-system failure, switches the main data center to a remote site, records results in detail, and folds lessons learned into continual-improvement tracking.
Between April and June 2024, unplanned power outages increased by roughly 50 % compared with the same period the previous year. WT therefore continues to run power-failure drills that simulate sudden blackouts, ensuring emergency generators start promptly and all facilities and systems remain operational. Post-exercise reviews confirmed that the response procedures are appropriate and that every facility and system functioned normally throughout the test.
Establishing cybersecurity reporting tiered management & rapid response
WT has issued a Security-Incident Management Procedure that defines four severity levels and the associated escalation flow. When an incident occurs, the person who discovers it reports the details or security staff perform an incident determination; notifications are then sent in line with the assigned level. If the incident is classified as “major”, it must be reported immediately to the Chief Information Security Officer (CISO), who in turn briefs the General Manager for follow-up emergency-response management.
The IT department must eliminate and resolve cybersecurity incidents within the target resolution time. After closure, it conducts a post-incident review and implements improvement actions to prevent recurrence. If an incident results from an individual employee’s behavior, the root cause and impact are assessed and disciplinary measures are imposed in accordance with work rules.
In 2024, five cybersecurity incidents occurred. All were classified as non-major and involved credential leakage; each was handled and contained immediately, resulting in no impact. None of the incidents led to any compromise of core services or leakage of sensitive data.

WT Information Security Incident Flow Chart 




Backup measures when the system is under attack



Local data snapshot
Once every hour
If the hardware is intact, the fastest way to recover compromised data.




Remote replication
Real-time replication to the backup center, plus off-site snapshots
When the primary data center suffers a force-majeure event or a failure that cannot be restored immediately, the COO authorizes switching system services to the backup center.


Off-site storage of backup media
Daily backup; offline media moved off-site weekly
If both the primary data center and the backup center are unable to provide service, data restoration and system rebuild will be carried out from the offline backups.






2024 WT’s Cybersecurity Performance
∙ Two rounds of company-wide cybersecurity-awareness training, plus one intensive session for core-system personnel and managers.
∙ Phishing-simulation campaign: 278,037 emails sent; employee click-through rate 0.7%, comfortably below the 5% industry average target.
∙ Blocked 39,553,348 spam emails and shielded against 1,576,611 malicious emails.
∙ Intercepted 28,782 endpoint-threat events.
∙ Patched 134,736 system and software vulnerabilities.
∙ Earned four additional international cybersecurity certifications and logged 200+ hours of professional training.



2025 cybersecurity management plan 



Security-Management Mechanisms
∙ Continue to reinforce and improve cybersecurity governance, using scenario-based plans and drills to boost organizational resilience.

∙ Hold a monthly cybersecurity meeting to review internal and external threats, and convene a semi-annual management-review meeting to track improvements.




Security-Control Measures
∙ Keep strengthening identity management, micro-segmentation, and visibility to build a comprehensive security infrastructure.

∙ Monitor new technologies for both opportunities & risks, and adjust the architecture and defenses accordingly.

∙ Further enhance SIEM/UEBA (for visibility) and SOAR (security orchestration, automation, and response); leverage AI to analyze system logs and identify potential risks, using automated responses to minimize impact.


Security Awareness & Training
∙ Provide ad-hoc awareness campaigns and training based on real cases to keep employees vigilant; add content on AI deep-fake scams and emerging frauds, including safe-AI-use tips and cautions about unfamiliar sources.

∙ Upgrade cybersecurity staff competencies by continually acquiring relevant international certifications, equipping them to counter evolving external attacks and internal requirements.


Joint Defense & Supply-Chain Collaboration
∙ Keep strengthening overall supply-chain security and actively participate in joint-defense forums to obtain the latest threat intelligence.

∙ Continue to meet customer requirements through security assessments, vulnerability scans, and penetration tests.