Exclusive Networks // Sustainability Report 2022

Risks and opportunities Risk factors

Risk of cyber-attacks, systems security, data protection ESG

Criticality level: ■ ■ ■

Risk description

Risk management

The Group’s IT systems could be subject to malicious intrusion, cyber-attack, phishing, social engineering, attempts to overload the servers or data privacy breaches. Any such breach could result in the disclosure of sensitive or personal data, significant legal and financial exposure, damage to the Group’s reputation, loss of competitive advantage and a loss of confidence in the security of the Group’s IT systems. For example, in December 2020 the Group detected a cyberattack and breach of its systems in the UAE, US, France, UK and Singapore. Although the breach resulted in unauthorised access to data, the cyberattack did not impact the Group’s day-to-day operations. Following this breach, the Group inspected and upgraded its global systems and processes to strengthen their integrity and efficacy (see opposite). The sophistication and constant evolution of cyber-attacks make it difficult for the Group to anticipate this risk. Furthermore, third parties, such as solution providers that host the Group’s IT systems, could themselves be subject to such attacks resulting in a failure of their own systems and security infrastructure. Any actual or perceived breach or inappropriate use, disclosure or access to such data could damage the Group’s reputation as a trusted brand and/or result in significant business losses or disruptions (see “Reputational risk” above).

Over the last two years, Exclusive Networks has significantly strengthened its cyber-attack management and prevention programme along three main lines:  the implementation of a Security Operation Centre (SOC) in all countries, monitoring infrastructures in real time and reporting any suspicions of abnormal behaviour or potential risks. The SOC has implemented the most innovative solutions proposed by the Group’s vendors. A project has been launched for the certification of the SOC by the International Organisation for Standardisation (ISO) and other global organisations. The SOC is connected to the NATO security systems in order to benefit from their information on possible risks related to the Russia/Ukraine conflict;  the strengthening of the cybersecurity team with the recruitment of highly experienced profiles and the creation of a Cyber Defence Committee chaired by the Head of the SOC, who reports directly to the Chief Information Officer, a member of the Executive Committee;  the implementation of a programme to raise awareness among all employees to the risks of cyber-attacks, through training modules and real-life phishing campaigns. (See Chapter 6, section 6.4 “Information system protection” for more information on data protection in terms of its organisation, policies and key achievements and related indicators.)

Risk related to vendor concentration

Criticality level: ■ ■ ■

Risk description

Risk management

The Group distributes the products of approximately 290 established and disruptive vendors, covering the key segments of cybersecurity and the related segments. The Group’s sales are concentrated within a small number of these vendors with which it has long-standing relationships. Indeed, Exclusive Networks’ top 20 vendors accounted for 87% of sales in 2022 and its top five vendors for 65%. The main vendors experienced strong growth in 2022 such that their respective weight in the Group’s revenue remained stable in 2022. The termination of the contractual relationship with one of the key vendors could result in a significant decrease in the Group’s activity and its turnover.

The Group’s efforts to diversify its offering resulted in two new cybersecurity segments in 2022: Cloud Security and OT/IoT Security. In 2022, it succeeded in this diversification by signing contracts with 13 new software vendors and 14 contract extensions to ensure the expansion of Exclusive Networks’ distribution rights in new countries and/or on new product and service lines. In its commercial relationships, the Group maintains strong relationships with its vendors and has set up a dedicated “Vendor Management” team (it organises quarterly reviews with vendor managers) and implements internal performance acceleration and improvement plans when necessary.

14

Exclusive Networks

Sustainability Report 2022

#WeAreExclusive