Sustainability Report - FY 2023

Social and societal information Information System Protection

Deployment In order to carry out its mission, the following security tools have been deployed and implemented in a centralised, standardised, and automated manner: 1 Asset management: asset lifecycles, asset and software inventory; 2 Data capture and behavioural analysis of users and entities (Security Information and Event Management and User and Entity Behavioural Analysis), using artificial intelligence; 3 Email security; 4 Managed Endpoint Detection & Response using artificial intelligence and behavioural analytics; 5 Vulnerability management; 6 Endpoint and patch management; 7 Identity and Access Management, using artificial intelligence and behavioural analytics; 8 Web security (Cloud Access Security Broker and Secure Access Service Edge) using artificial intelligence and behavioural analytics; 9 Security Orchestration Automation and Response (SOAR);

10 Threat Intelligence: An instance of the Malware Information Sharing Platform (MISP) that identifies, analyses, and shares cyber threat intelligence with other organisations. The majority of the selected vendors and solutions come from the Exclusive Networks portfolio of cybersecurity products and solutions, and are recognised as a “Magic Quadrant Leaders” by Gartner (a leading technology assessment consulting firm). Cyber Exposure Score (CES) The Cyber Exposure Score (CES) quantifies the Group’s relative risk, based on the exposure to threats and the criticality of assets (workstations, servers). Keeping the CES at a “low” level (below 350) is one of the Group’s key monitoring indicators, which it achieves by carrying out frequent patches and updates to the system. Reporting The Group has expanded the security information provided to the Executive Committee and Country Managers. This communication is based on regular security communication and reporting. This includes information on the latest security threats and trends, reporting via KPIs on the Group’s cyber exposure as well as statistics on security alerts, attack simulation results and more.

As one of the tools used to assess the security of the information system is the Cyber Exposure Score, the Group has set itself the objective of achieving a score of “Low” or less on this index by 2025.

Key monitoring indicators

2022

2023

Number of incidents reported through the reporting set up by the Group

2,254

2,846

Control and follow-up of IT security incidents

Number of attempted break-ins

262

389

Number of successful break-ins

1 (1)

0

Monitoring and controlling the level of risk in terms of exposure to threats

Cyber Exposure Score (CES)*

384

333

* Indicator with a target for 2025. (1) With no substantial risk for the Group.

56

Exclusive Networks SA

2023 Sustainability Report

#WeAreExclusive