technicolor - 2020 Universal Registration Document

3 RISKS, LITIGATION, AND CONTROLS RISK FACTORS

Ý

CYBERSECURITY

GRI [103-1 Customer privacy] [103-2 Customer privacy] Risk identification

Risk monitoring and management

The security actions related to Production Services content production networks are led by internal security teams which focus on the mitigation of these risks. These security actions and protocols are continuously implemented, enforced, evaluated and updated as production needs evolve and as new technologies or threats emerge. The Connected Home centers for product development or implementation of services include quality assurance functions that are responsible for establishing and measuring suitable quality indicators, and developing action plans to improve the quality of the products and services with management reviews at key milestones. To ensure high security standards, a security approval procedure is in place for the new products delivered by the Connected Home Segment. This procedure is part of the product development project management methodology. Once products are delivered, an incident response procedure is in place to support customers. This procedure includes a vulnerability disclosure protocol, to allow security researchers to report any weakness in Connected Home products and allow us to address risks before public disclosure and/or materialization of said risk. The security policies and the use of qualified suppliers, equipment and software, combined with regular security trainings, security assessments and penetration testing, aim to mitigate the risk to an acceptable level. For physical security risks, a dedicated team conducts risk assessments on all critical sites and suggests a remediation plan for local security coordinators when needed. In 2020, working in collaboration with clients and industry organizations, the Group has successfully transitioned to secure work-from-home environments and workflows where required based on local government requirements. Technicolor security standards are continuously reviewed and updated to stay current with the industry and with established security policies. Overall in 2020, Technicolor supported over 202 security audits, which included a combination of internal and external audits. Audit findings are tracked and managed by internal teams. In 2020, the Group delivered security awareness training to all employees and provided multiple communications around phishing, malware and general security practices, with an increased focus on the impacts of an increase in remote work.

The secure maintenance and transmission of Technicolor and customers' information is an essential component of the Group’s operations due to highly sensitive and confidential content. The failure to have sufficient and effective content security systems and protocols both onsite and during remote working scenarios may lead to loss, disclosure, misappropriation, alteration and unauthorized sharing and access to sensitive information and assets (Intellectual Property). Product developments may become more expensive or take a longer time than initially planned due to unexpected challenges in the development cycle, potential quality issues linked to the technological complexity of the products, resource constraints or dependency on third party deliveries. Products and data may be vulnerable due to the increase in volume and sophistication of hacking or other types of malicious attacks (e.g. phishing) which expose the Group to liabilities, extra cost for remediation, or compensation for prejudices. Furthermore, remote work environments have now become a requirement across the globe because of the Covid-19 pandemic, potentially leading to greater content security risks as the security perimeter extends from our facilities into employees’ homes. Failure of employees’ awareness on cyber risks increases risk of phishing campaigns and introducing malwares in our systems. Those consequences may drive key customers to withdraw work from Technicolor, and are likely to expose the Group to significant financial burdens, liability, loss of reputation and loss of revenues.

52

TECHNICOLOR UNIVERSAL REGISTRATION DOCUMENT 2020