CY4GATE S.p.A. — Investor Presentation 2023

Oct 9, 2023

Cy4Gate Italian Excellences 2023

October 10, 2023

TABLE OF CONTENTS

• Our Growth
• Strategic pillars
• Governance and Shareholders
• Portfolio and markets
• Financial performance
• ESG
• Q&A
• Solutions and Services

Fast growing and attractive group…

Delivery on track on all Strategic pillars

GROUP & SHAREHOLDERS

TEAM

Domitilla Benigni CHAIRMAN

Emanuele Galtieri CEO & General Manager

Marco Latini CFO & Investor Relations Manager

Board of Directors

Strategic and M&A Committee

CY4Gate is present in two main markets:

Cyber Intelligence & Cyber Security

PORTFOLIO OVERVIEW

CYBER INTELLIGENCE

1. Source: Markets & Markets; industry reports and expert interviews

9 ⁹

CYBER SECURITY

Cyber security solutions protect clients' information systems, enabling the detection of anomalies and generating response actions Global Cybersecurity Services² Market Real time analytics (RTA) is a security information and event management (SIEM), advanced cyber security application that enables the analyst to detect cyber security anomalies and creates conditions to rapidly strike back. Pool of Cyber Security services covering the following topics: ▪ Red Teaming and Penetration Test ▪ Compliance Assessment ▪ Managed Detection & Response ▪ Incident Response & Malware Analysis ▪ Hands-on Cyber Training and Security Awareness ▪ Cyber Resilience Design for Critical Infrastructure 6.9 6.3 7.5 9.0 10.7 12.8 +9% 2019 2020 2021 2023 2025 2027 2020 5.8 2019 2021 2023 2025 2027 5.3 6.3 7.4 8.7 10.3 +9% Cybersecurity Products Cybersecurity Services € bln € bln

Global Cybersecurity Products¹ Market

Enduring growth

1. Includes Security Operations products such as SIEM, SOAR, UEBA, Threat Intelligence and related products

2. Includes Penetration testing, Vulnerability management and related services

Source: IDC, industry reports and expert interviews

MARKETS

GEOGRAPHICAL PRESENCE AND MARKETS SERVED

The company mainly operates in Italy, is also active in Spain and is increasing its presence in Germany and France. It also has a global presence, with clients in the Middle East, South East Asia, and Latin America.

							1H 2023 CY4GATE Group
	10.7	86%	14.4	85%	41.2	63%	17.7	54%
	1.8	14%	2.6	15%	24.2	37%	15.3	46%
	12.5	100%	17.0	100%	65.4	100%	33.1	100%

Note: Calculated on operating revenues, Cy4Gate 2022 pro-forma full year

4 new Cyber Security solutions

• services, through dedicated ecommerce, towards SMEs ▪ Price based on the average man-
• days consumed, also factoring the risk of realization
• twin)
• Wide range of functions and possible applications such as:
• Systems cyber resilence testing in a "secure" environments
• Research and development of attack mitigation solutions

• Education and training for advanced Cybersecurity capabilities

• detection (e.g., unknown APT1 and unknown vulnerabilities)

• Presence of software elements (e.g., core license), usable through a hardware device ("mobile sweeper") that enables scanning

• Multiple revenue models available: purchase, rental and "perpetual", "pay-per-use" use

• SIEM), exploitable at tactical level ▪ Integration and correlation of CTI Feeds (commercial and Open Source) in the platform, then presented in specific reports providing a "vertical" view on Cyber threats (e.g., for selected industries)

• Possibility to access different levels of customized service (i.e., Silver Gold, Advanced)

Financial performance

1H 2023 Key Data

1. Including other operating revenues; comparative 2022 does not include 1Q of RCS Group and DIATEAM

2. Negative result (loss for the period) Includes D&A related to Purchase Price Allocation and extraordinary costs

1H 2023 Revenues Breakdown

Note: Cy4gate Group results as of 30.06.2022 include 6 months of Cy4Gate + 3 months of RCS Note: Cy4gate Group results as of 30.06.2023 include the consolidation of DIATEAM for the entire semester Note: Calculated on operating revenues

1H 2023 People Investment

Total personnel increased in 1H23 by a total of 51 resources:

• Increase related to the DIATEAM acquisition, which allowed the Group to acquire specialised resources and technical skills to strengthen the cyber-security business line
• Increase of 23 resources preparatory to the achievement of plan objectives (recruitment in the sales and engineering functions).

1H 2023 Profit & Loss

€ mln	1 1H 2023	1H 2022 2 Restated
Operating Revenues	33.1	16.0
Other Operating Revenues	1.0	0.7
Total Revenues	34.1	16.7
Services, Procurement & other operating costs	14.4	6.8
Personnel Costs	16.8	8.7
R&D Investments	(2.7)	(1.1)
Costs	28.5	14.4
EBITDA	5.5	2.3
EBITDA Margin	16%	14%
D&A [including leasing costs]	6.2	3.6
EBIT Adjusted	(0.6)	(1.3)
One off costs	2.4	2.4
D&A [related to PPA]	2.0	1.0
EBIT	(5.1)	(4.7)
Financial Income (Expenses)	(0.9)	(0.3)
Income Taxes	3.2	0.7
Net result	(2.8)	(4.3)

Executive summary:

Revenues +104% compared to 1H 2022, thanks to the the consolidation of the subsidiaries. The seasonality of the business is confirmed, concentrated in the second half of the year.

Costs are in line with the Group's growth objectives and distributed linearly over the year.

EBITDA increase compared to 1H 2022, with significant investments, especially in qualified personnel, but it always suffers from the combined effect of seasonality of revenues and linearity of costs.

Net result recorded a loss of € 2.8 million, mainly due to extraordinary costs (translisting and integration costs) and D&A costs (PPA and amortization), but a clear improvement compared to the same period of the last year (a loss of €4.3 million)

1. Including the consolidation of DIATEAM from 1st January 2023

2. Comparative 1H 2022 includes the redetermination of the effects of the purchase price allocation

1H 2023 Asset & Liabilities

€/000	1H 2023	FY 2022
Fixed assets	82.6	70.1
Inventory	0.5	0.8
Contract assets (liabilities)	2.7	(1.0)
Trade receivables	63.9	64.5
Trade payables	(13.3)	(10.6)
Trade Working Capital	53.7	53.7
Other assets (liabilities)	(0.4)	(4.4)
Net Working Capital	53.3	49.4
Net Capital Invested	135.9	119.5
Cash and cash equivalents	10.8	19.9
Financial assets	1.7	1.8
Financial Liabilities	(19.5)	(15.4)
Lease liabilities	(3.9)	(3.3)
Net Financial Position Adjusted	(10.8)	3.1
Adjustments for non rec. events
and/or extraordinary transactions	(5.4)	-
Shareholders' Equity	(119.7)	(122.5)
Sources	(135.9)	(119.5)

Executive Summary:

Fixed Asset increase mainly due to the effects of goodwill linked to DIATEAM acquisition

Net Working Capital increase mainly to contract assets and the decrease of other liabilities compared to the same period of the last year. The increase in Working Capital is typical of the seasonality that characterizes 1H.

Net Financial Position is negative impacted by DIATEAM acquisition agreement, the impact of IFRS16 and the typical cash absorption in the first half of the year related to the seasonality of the business

Shareholders' Equity stood at 119.7 million compared to 122.5 million at December 31, 2022

ESG SUSTAINABILITY REPORT Learn more

Our committment for a greater sustainability

EthiFinance issued the first ESG Rating with a score of 64/100 Cy4Gate is placed above the average of the 154 companies subject to the rating belonging to the IT Sector

UN Global Compact & SDGs

By joining the United Nations Global Compact, CY4GATE shares, supports and applies the fundamental Ten Principles of the Global Compact in its sphere of influence and actively contributes to the achievement of the United Nations Sustainable Development Goals.

CY4GATE has included in 2023- 2025 business plan investments to adopt its Social Report structured on the indications contained in the GRI (GRI 200, 300, 400) and GBS standards.

And, we will contribute to the achievement of the following 6 of the 17 goals of the 2030 Agenda for Sustainable Development.

To ensure inclusive and equitable quality education and promote lifelong learning opportunities for all

To ensure sustainable production and consumption patterns

Goal 12 Goal 16 Goal 5

Relating to Peace, justice and strong institutions. Defence is a crucial component of security, and security constitutes the prerequisite for peace, prosperity, international

To promote sustained, inclusive and sustainable economic growth, full and productive employment and

decent work for all

Goal 4 Goal 8 Goal 9

To build resilient infrastructure, and to promote inclusive and sustainable industrialization and foster innovation

To achieve gender equality and empower all women and girls, for operational efficiency and social inclusiveness, actively promoting the implementation of the Women Empowerment Principles.

20

Business ethic and human empowerment

• Solid corporate governance
• Sustainability-oriented strategies and policies
• Responsible business conduct
• Information security and privacy
• Transparency of information towards investors
• Prevention to corruption

• Prevention on anticompetitive behaviour

• • Respect for human rights
  • ‒ in the production and sale of products
  • ‒ in People management
  • ‒ in the gender equality and diversity empowerment
  • ‒ in the supply chain management

Governance Human rights Relationship and working conditions

• People management and care
• People empowerment
• Occupational health and safety
• Equal opportunities and gender equality

Environment

• Energy efficiency and emissions reduction
• Use of water resource
• Waste management

Business management

• Leadership in innovation
• Customer relationship management
• Responsible management of the supply chain

Responsability towards the community

• Protection and safety of the community
• IT security and critical infrastructure protection

THANK YOU

Solutions and Services

QUIPO Automation for Decision Augmentation

QUIPO DECISION INTELLIGENCE

The Right Information, At The Right Time, To The Right People, In The Right Way

QUIPO is a Decision Intelligence platform based on AI algorithms that transforms data into knowledge and provides Decision Support and Decision Augmentation more and beyond traditional solutions based on conventional IT technologies

Value drivers

Multilayer analysis in a unique solution

The integrated collection of multiple information assets (internal or external) enables the possibility to combine multiple analysis models (video tagging, audio tagging, semantic analysis, face recognition, location identification, feature detection, link analysis, etc.).

Prompt Information from large datasets

More effective real time access to external and internal information minimizes reputational risks, and a fraud and product development mitigates costs

Unique platform for Better Intelligence

A central platform, specifically designed to support the intelligence cycle, help the possibility to improve the analysis, dissemination and production possibilities

How Is It Different?

• Fully customizable software platform specifically designed for the efficient management of structured and unstructured data
• AI Technologies to automate and augment the analysis activities. Different modules (semantic module, image tagging/face recognition modules, "anomalous behaviour" module) which works on machine learning, cognitive computing and deep learning
• Multiyear experience in the intelligence domain and enterprises security transformed into a platform that supports analysts from A to Z

QUIPO Data Centric Intelligence Architecture

1. CY4 has been cited by Gartner as a cool vendor of composite AI (ref. Innovation Insight for Composite AI published 10 January 2022)

Observe – Orient – Decide - Act

Heterogeneus Information Collection + Data Valorisation + Data Analysis = Intelligence for a Decision

Decision Intelligence = Decision Augmentation

Use of predictive algorithms (what will happen) together with prescriptive algorithms (what to do) exponentially increase automation factor of the decision phase in an Augmented Decision Process

RTA Real Time Analytics Upgrade your threat detection tools

RTA is a cyber security application framework that allows realtime ingestion, processing, enrichment and analysis of different kind of security events, aka Modern SIEM RTA enables the analyst to detect anomalies and establishes the conditions to rapidly strike back

Value drivers

Sensors are everywhere

Smart collection and normalization of every sensor enables: understandable data meaning, rapid anomaly detection among billions of data. Raw Network traffic can be collected and analysed as well

More Enrichment → More Context → Better Insight

RTA enrich all events adding information on the execution context, the involved entities and the purposes of the action.

Drill down and Situation Awareness

A single point of view for the Analyst allows more efficient browsing, helping to detect entities and their relationships. RTA is able to identify relationship network, through visualization tools allowing for a more accurate analysis of threats.

How Is It Different?

• "Time Machine" approach, which allows the analyst both to gather historical information (so to "freeze the crime scene") and to flash forward to gather information regarding potential effects of occurring events

• Composite Artificial Intelligence Technologies boost RTA during the enrichment and correlation phase, allowing faster exploitation of information
• Alarms are based on correlation, machine learning or behavioral rules Alarms are operated by the indexing engine and then transferred to the graphical user interface which allows the analyst to perform several actions simultaneously to handle alarms

Solution Architecture (Processing)

RTA: Augmented Incident Management Process

Cyber Threat Intelligence

The Cyber Threat Intelligence (CTI) Fusion Model developed by Cy4gate offers various advantages to a company with respect to a standard approach:

❑ Enable the company to approach CTI effectively while avoiding high investment costs for platforms and specialized skills, growing gradually and consciously in this area

❑ Make daily use of qualified CTI data sources (commercial and open source)

❑ Benefit from intelligence that is already processed and immediately usable through an optimized, enriched, and contextualized data type concerning the client's technological environment and its target market

❑ Receive periodic reports of various types with welldefined objectives

Sharing Tactical Cyber Threat Intelligence across distinct protocols and services
Benefit from a fusion (Collection, Data Feed Processing and Dissemination) of Benefit from a fusion (Collection, Data Feed Processing and Dissemination) of intelligence data that allows it to be used for Security Defence intelligence data that allows it to be used for Security Defence
Sharing Contextualized Tactical and Operational Cyber Threat Intelligence
Using CTI Feeds related to specific industries Using CTI Feeds related to specific industries
Daily CTI Report sharing with tactical type intelligence Daily CTI Report sharing with tactical type intelligence
Sharing CTI Report with operational type intelligence
Sharing the CTI Report with strategic type intelligence
Dedicated on-demand support

Cyber Threat Intelligence Fusion Service Delivery

The Cyber Threat Intelligence, FUSION service, is delivered through both the sharing of already related CTI Feeds and through CTI Reports:

SENTRY Mobile APT- Detector

Sentry is a solution for the analysis and detection of malware on Android based devices in order to verify their compromise. Unlike an antivirus that analyzes threats against known items, Sentry detects by analyzing mis-configurations and anomalous behavior at the system level attributable to compromises by APT (Advanced Persistent Threath) agents.

It is a physical device or one that can be managed centrally via app and WiFi network which, once connected/installed on the device to be controlled, returns an output (OK/KO).

Sentry is structured in 3 main items:

• License for "Sentry Core"
• "Sentry Mobile Sweeper" Terminals
• "Sweep cartridge" scan instance packages

PRODUCT

WHAT'S A CYBER RANGE?

A virtual environment that enables organisations to simulate cyber combat training, system/network development, testing and benchmarking.

Learn

DIATEAM Hands-on Cyber Twin Solution

Hybrid Digital Twin Incident response Solutions and Services Product Services Virtual environment that enables simulated cyberattacks, systems development, testing and benchmarking Emergency response for declared incident (e.g., ransomware, data leakage) Skills development training, in particular, threat recognition and management Test e Validation Virtual environment with Hardware and Software in the loop to test networks and OT infrastructure and cyber defense tools. Cyber training

PRODUCT FEATURES

• Tailored environment
• User-friendly
• A powerful way of replicating existing information systems
• Demonstrative way to raise awareness
• Open Platform API
• Remotely run actions within the Cyber Range
• Improve your defensive posture by facing realistic threats
• USB Plug & Play
• Full content catalogue
• And much more

Learn

WANT TO KNOW MORE?

Click below for further info about our product features.

TESTING

Cyber Range offers the capability to test new technologies before implementing these in real life scenarios.

• Is the technology secure?
• What effect will the technology have?
• Run different scenarios
• Real-life & simulations

DIGITAL TWIN FOR DECEPTION

Clone your real-life network to:

• Evaluate vulnerabilities
• Optimise performance
• Test without risk

THE HONEY NET

This cyber digital twin enhances the capability to prevent attacks by luring real attackers to the clone network – 'honey net' – to observe, isolate and block further malicious cyber actions.

HYBRID DIGITAL TWIN FOR IT & OT INTEGRATION

Connect operations technology (OT) systems with information technology (IT) to prevent attacks on industrial sites.

• Crises simulation
• Test validation
• Safeguard the operation

WANT TO KNOW MORE? Click below for further info on our IT & OT Connection.

41

MARITIME AND NAVAL ACTIVITES

Our solutions meet an array of maritime and naval cybersecurity needs:

• Cyber training for cyber defenders and defence teams
• Offensive ops, because adversary emulation is essential for military operations.
• Cyber Lab, comprising experimentations and simulations of IT and OT assets for analysis, prototyping or research for attack and defend purposes.
• Experience with DEFNET cyber trainings, virtualisation of ports IT/OT systems, custom design of realistic APT scenarios, ashore and on -board cyber training for shipowners.
• Over a dozen scenarios enable a wide range of training on all aspects of cyber security.

TRAINING

Experiencing real-world threats in a safe environment is the key to cyber security within IT & OP.

• Recognise and handle threats
• Team building & process validation
• On site & online
• HR tool
• Understand employee behaviour
• Offensive ops

WANT TO KNOW MORE?

Click below for further info about our training.

PRODUCT FEATURES

• Tailored environment
• User-friendly
• A powerful way of replicating existing information systems
• Demonstrative way to raise awareness
• Open Platform API
• Remotely run actions within the Cyber Range
• Improve your defensive posture by facing realistic threats
• USB Plug & Play
• Full content catalogue
• And much more

Learn

WANT TO KNOW MORE?

Click below for further info about our product features.

SERVICES

• Incident Response
• Technical Audit
• Research & Development
• CTF Builder

iSOC-CSIRT

Monitor, Withstand And Mitigate Cyber-attacks Against Your Network

Our Security Operation Center (SOC) mission is to continuously monitor and improve our customers' cyber security posture giving a full MDR (Managed Detection and Response) experience.

We can setup a full outsourced service sized according to the Customer infrastructure or support the Customer to deploy and integrate our technologies for a local Security Operation Center (SOC)

Value drivers

Be Prepared and Respond quickly

A SOC increase the effectiveness of the cyber-attack detection and response capabilities

Technology, Processes & People Combined Together

We combined best practices in class technical aspects with human resources, advanced expertise and policies

Full Outsourcing With Full Visibility

This model let you to have a SOC at the best conditions (minimum involvement and controlled cost).

This model supplies competent and operational people available 24/7

How Is It Different?

• 24/7 hardworking forces dedicated to preventing, detecting, assessing, and responding to the cyber threats and vulnerabilities. Highly skilled and organized team with the mission of continuously monitoring and improving the security posture of an organization
• Huge amount of data ingested, analysed and enriched from cyber, IT/OT ecosystem
• Third parties tools integration with proper products and technologies for maximizing our security analysis.
• Your SOC is our SOC. We use the same SOC we offer for defending our network

MDR (Managed Detection & Response) Service

The SOC is a structure that centralises all information on the security status of a company's IT, offering an integrated MDR (Managed Detection & Response) service

The SOC, delivered 'as-a-service' solution, leverages the skills of the team of operators and security analysts and the best security technologies, including the proprietary RTA solution

ProntoCyber: a Fast and Ready-to-Go Cyber Solution

SALES AND

DELIVERY

PROCESSES TO

REDUCE TIME

AND COSTS

CY4GATE ACADEMY

Advanced knowledge, skills, capability

CY4Gate Academy provides recruiting, educational and training programs to address today's needs in intelligence, cyber intelligence and cyberwarfare.

Value drivers

Capability Oriented

Capability refers to the process of converting 'cyber knowledge' into specific results. "Cyber Knowledge", indeed, never transforms in cyber capability automatically because requires a combined hands-on and exercise oriented approach

Creating better staff

Your staff deserves the opportunity to learn, begin and grow a career in the cyber and intelligence fields

More Readiness → Better Security

Becoming prepared about threats and the best techniques to face them, will make it harder for a cybercriminal to access your data

How Is It Different?

• Some (successful) cybersecurity expert skills simply cannot be taught in a traditional classroom. This is why we always offer Modern vocational training and skills education programs through interactive scenarios, "cyber arenas" where to simulate real cyber competition, and challenges to solve real-world business and human competitions
• "Learning elements, contents, and skills" together. Bringing together all the best cyber security and cyber intelligence elements, from those who are doing it, those who did it, and those who learned from it, and delivering to your organization
• CY4GATE Academy offers an innovative method for assessment inside and outside your organization

DIGILAB

Prepare Your Cyber Mission!

The DIGILAB is a strategic asset, dedicated to perform digital activities for platform and system analysis, vulnerability management, attack pattern engineering

Value drivers

Beyond the Academic Approach

The building up of a lasting capability on all the aspects of Cyber Warfare can hardly be achieved by traditional education & training which is useful for the creation of individual competences, but not sufficient to establish a permanent capability. So, also for this reason we have DIGILAB that integrates our Cyber Academy offering

Tailored around the Customer

Every customer has his needs and for this reason each DIGILAB is a unique mix of education, training, labs and continuous support for preparing customer's missions

Focused on Teamworking

Final goal of a DIGILAB program is to train all the teams (Penetration Testing team, Intelligence Team , Malware reversing and exploiting team, Reversing team, Cryptoanalysis team and so on) to understand how to approach a cyber mission and identify the right tools for each specific task

How Is It Different?

• We own full penetration testing and validation capabilities against complex systems to check the HW, SW, firmware. Also the wireless level
• We create laboratories and services for malicious code analysis and define a valid counter-strategy
• We can reverse engineer things to catch how a device or algorithm works

CFO & IR MANAGER CFO & IR MANAGER

Marco Latini

marco.latini@cy4gate.com

IR ADVISOR IR ADVISOR

CDR Communication Silvia Di Rosa silvia.dirosa@cdr-communication.it Luca Gentili luca.gentili@cdr-communication.it

FOLLOW US: FOLLOW US: