Back

Reinforcing resilience in a changing operating environment

The accelerating pace of environmental, technological, regulatory and social changes has reinforced the importance of business resilience. CLP recognises the strategic value of anticipating, withstanding and learning from disruptive events, especially in response to the growing threats posed by climate change and cybercrime.

Cyber resilience and data protection

Because of CLP’s role in providing critical power infrastructure, a significant cyber security breach could have a massive impact on local economies by temporarily shuttering essential energy services. Cyber resilience and effective data protection measures allow employees and customers to proceed with their activities without fear or threat of cyberattack.

To counter this and to minimise its exposure to the ever-growing risks posed by cyber threats, CLP has built up strong governance practices and a capable and highly experienced team within CLP Digital.

The Board-level Audit & Risk Committee maintains effective oversight of cyber security risks, while Security, a department of CLP Digital, is responsible for the protection of the Company.  From a cyber perspective, this protection ranges from:

  • Promoting cyber security and data protection awareness amongst staff;

  • Ensuring cyber security threats across both CLP’s Operational Technology (OT) and Information Technology (IT) systems are reduced to acceptable levels; and

  • Constantly monitoring CLP systems to deny an attacker any advantage.

During the year, CLP Digital undertook a comprehensive review of its cyber security strategy with the support of an external cyber security specialist consultancy. The review’s aim was to ready CLP for the potential challenges of operating as a Utility of the Future.

As a result of the review, at an operational level, CLP Digital has developed 20 cyber security standards which align with the internationally-recognised NIST Cyber Security Framework. They provide, for the first time, a comprehensive system of acceptable operational practice that will define the Company’s cyber operations going forward. The revised standards will be introduced and implemented in early 2023.

CLP puts great effort into building a corporate culture that can deal with the future challenges associated with handling the accelerating volume of data produced by digital assets. During the year, a wide range of educational initiatives to eqip employees with cyber security capabilities were delivered across the Group, including internal broadcasts, briefing sessions, pop-up booths and webinars. Furthermore, teams of employee volunteers were engaged in CLP Power’s businesses as “Cyber Champions” to help deliver key security messages directly to fellow employees and collect valuable feedback on the effectiveness of CLP Digital’s policies and standards.

Building Resilience in the face of climate change and an evolving business environment

Adapting CLP’s physical assets to cope with the disruptive realities of climate change benefits the economy by maintaining a reliable energy supply, even in the face of extreme weather events. By promoting resilient operations, CLP can also support the energy needs of vulnerable communities who are particularly susceptible to physical climate risks such as sea-level rises and outages caused by storms.

CLP’s approach to building resilience against climate change starts with effective risk management. Recognising climate change risks might reasonably impact the business over time, climate change risks are fully integrated into CLP’s Group-wide risk management system, with management oversight and assurance provided to the Board.

CLP considers the resilience of its Climate Vision 2050 and other strategic plans by using three climate scenarios. Each scenario provides a future state over a typical time horizon of 20 to 30 years. In tandem, CLP has also developed a financial model to help understand the financial impacts of these risks across the Group in different time horizons up to 2050.

The nature and extent of climate change risks vary across geographies. CLP not only considers this variance in its various regions of operation during its risk management process, it also conducts asset-level physical climate risk assessments to build the resilience of individual assets in each region.

In Hong Kong, CLP Power completed a physical climate change risk assessment and climate change adaptation study with the support of external consultancies in 2022. This multiple-year study applied rigorous processes of climate hazard screening and impact assessment workshops with relevant internal stakeholders. The study was followed by various adaptation measures implemented by CLP Power to minimise service delivery disruption against the key physical climate change risks identified. Key climate hazards, such as extreme heat, flash rain, coastal flooding and super typhoons, were earmarked for further detailed risk assessment. To set a high-level guidance for climate change risk assessment and adaptation practice during operation, CLP Power issued an Asset Management Standard on Climate Change Adaptation for generation and network assets. The standard will be reviewed at least every three years to keep abreast of the latest climate models and trends.

In India, Apraava Energy conducted a climate risk assessment using Physical Climate Risk Screening tool software. This helped forecast changing weather patterns at a specific geographic location. Apraava Energy also utilises the software to identify physical risks, such as floods and storms, when conducting environment due diligence at the project planning stage.

Read more on our approach, initiatives and progress for stakeholder impact in relation to this material topic

Climate-related Disclosures ReportSocial Impacts – Customers

Financial materiality

Business resilience is an important component of sustainable value creation and helps protect CLP's cash flows from the negative asymmetric risks associated with damage to physical assets and operations caused by cybercrime as well as climate change.

Read more on the financial impact

Stakeholders section in the 2022 Annual Report

We use cookies for the purpose of enhancing your user experience and helping us better understand how the site is used. By continuing to visit this site, you agree to our Use of Cookies.


Back to top