www.cycoresecure.com

Cyber Threat Statistics About SMBs You Should Know 43% SMBs are the target of 43% of all data breaches Many people assume that large corporations would be a primary target for cyber attacks. However, enterprises typically have solid cyber security protections in place, making them harder to infiltrate. Comparatively, gaining entry into small business systems is often a breeze. As a result, they’re the number one target for cybercriminals, representing 43% of all data breaches in 2019. 61% 61% of SMBs experienced a cyber attack during the last year. Among small to medium-sized businesses (SMBs), a full 61% experienced a cyber attack during the past year. While not all attacks were successful or damaging, it shows how prolific the issue is in the small business landscape 60% of SMBs go out of business within 6 months after a cyber attack. Cyber attacks aren’t just inconvenient for small businesses; they’re costly, catastrophic events that can completely derail the company. Overall, within six months of an attack, 60% of small businesses that fell victim to attackers shutter their doors for good. 60% $3M Data breaches cost SMBs an average of nearly $3 million per incident. Generally, any business with fewer than 500 employees qualifies as an SMB. Among companies of that size, the average cost of a data breach is close to $3 million per incident. www.cycoresecure.com

Why Small Businesses are Vulnerable to Cyber Threat Insufficient Financial Resources Small enterprises struggle to execute most necessary activities due to insufficient financial support. Consequently, small firms may lack the financial resources necessary to meet their cybersecurity needs. Similarly, a meager budget for cybersecurity could be equivalent to a lack of financial assistance. Inconsistent or poor employee training Small firms are typically preoccupied with establishing themselves, which causes them to overlook employee training on cyber security. Likewise, some companies believe they cannot be targeted, so they approach employee training as a lower priority. Vulnerabilities posed by third parties A gap in any third party that links to a company can result in bankruptcy or identity theft. A business targeted due to a third party's vulnerability experienced a data breach that exposed over 40 million clients to cyber risks. Developing in-house resources is a common tactic employed by large organizations to decrease interactions with third parties. Organizations with appropriate and up-to-date cyber security support are proactive in preventing cyber threats. Maintaining cyber security is expensive, but a data leak's price is significantly greater. The majority of small businesses do not have cybersecurity professionals. Instead, basic cybersecurity needs are assigned to employees. Inadequate cyber security support ? www.cycoresecure.com

Our Philosophy Cyber security is an enabler to your business that supports agility, innovation, growth and a competitive differentiator. The vast majority of incidents and breaches can be avoided by focusing on cyber security fundamentals. Cyber security does not have to be complicated. www.cycoresecure.com

Implementing a robust methodology for running your security program Metrics and visibility of tracking Maintaining and monitoring a list of security controls Strategic advisor and executor Solving Real World SMBs Problems How small businesses are using vCISOs Our vCISOs bring best practices and tested tactics that follow an accepted industry standard for maintaining your security, ensuring you’re making strategic, result-driven decisions From the moment we come onboard, Cycore will begin monitoring areas previously not monitored and will begin to track time, progress, ROI and any achievements to improve your information security Security controls help to mitigate or reduce risk and include, administrative, technical and physical measures to protect assets. Cycore will have a clear grasp of all your threats and vulnerabilities and an action plan to address each risk. Our vCISOs are available to advise your team in stakeholder meetings and how to build out and operate a security program that meets your objectives, risk tolerance and budget. www.cycoresecure.com

How Cycore Secure Can Help? Buy Now Pay Later As cybersecurity becomes a growing issue for every organization. We’re on a mission to make cybersecurity simple and accessible. Simple and Accessible We’re a buy now pay later cybersecurity services firm making our solutions cost effective over a 12 month period or more. Affordable Packages Cycore has created packages for every budget need that provides real tangible results for every organizations need no matter size or industry. www.cycoresecure.com

How It Works? - Request a consultation Request a complimentary 30 minute phone or video chat with us. Tell us about your issues. We'll also provide a free Cyber Health Check Assessment for you. - Discovery Call We will sit down with you for a discovery call to understand the details of your business and discuss what's keeping you awake at night. You will learn about the tools we can use to help you. Lastly, we will provide recommendations on the services we provide. - Our Proposal & Pricing We will send you a customized proposal that will detail how we can help. Let's discuss what level of service and fixed pricing will work best for you. 2 1 3 www.cycoresecure.com

Ongoing Support The vCISO will provide ongoing support to help you meet your security objectives. This includes: ● Phone and email support ● Monthly scheduled meetings ● Regulatory compliance guidance ● Policy templates and guidance ● Technology recs ● Client questionnaire support Assessment A full security program risk assessment is conducted to understand your current cybersecurity posture. The vCISO will schedule interviews with stakeholders and request any relevant documentation to accurately assess your organizations posture. Roadmap After conducting the assessment, the vCISO will put together a report and roadmap. The roadmap will consist of the stakeholders identifying how to address each risk (accept, transfer, mitigate, or avoid). The stakeholders will also decide who will be assigned each risk for those chosen to be mitigated (Internal, Third Party, vCISO). How The Process Works? Amount of hours required for vCISO: 20-25 hrs Amount of hours required for vCISO: 9-11 hrs Amount of hours required for vCISO: 5-30 hrs/mo www.cycoresecure.com

Subscription Plans As cybersecurity becomes a growing issue for every organization. We’re on a mission to make cybersecurity simple and accessible. vCISO Support Includes: • Phone and email support • Monthly scheduled meeting (or as needed) • Access specialty resources at Cycore Secure • Security news & trending vulnerability updates • Knowledge transfer & mentorship • Compliance audit support • Regulatory compliance guidance • Policy templates and guidance • Technology recommendations & opinions • Board and executive presentations • Client questionnaire support • Security program roadmap adjustments & guidance

Solving Real World SMBs Problems Case Studies

A startup organization in the B2C technology vertical wanted to quickly ramp up its security program without investing in a full-time CISO within the organization. The organization engaged a part-time vCISO to perform a gap analysis and provide a 12-month roadmap for continued maturity and plans for completing stages 1 and 2 of the ISO 27001 assessment. Scope: Primary focus for this company was designing, building, and deploying an Information Security Management System to meet ISO 27001 for the organization. Notes: The contract was set for 10 hours per month, over the course of 12 months. The vCISO focused on developing a core set of policies and standards that could be deployed to assist with meeting the compliance standard. After about 3 months, the organization focused on interviewing and hiring 2 engineers to assist with the ongoing development, deployment, and maintenance of the security program. Rapid Maturation of a Security Program Case Study #1 www.cycoresecure.com

A small financial investments company operation in New York engaged for a vCISO to meet key requirements, a CISO reporting to the board, of the NY DFS Part 500 regulation. As part of this requirement, a financial service company must have a CISO, either full-time internally or through a third party, who reports directly to the CEO and board. Scope: Up to 20 hours per month to assist with program development, communication, and reporting to the board of directors. Services included policy development, compliance, interviewing, and performance tracking. Notes: Initial plans included only reporting to the board and CEO on the status of the security program, but, as the vCISO became more familiar with the team and company, recommendations were provided on how better to posture security. Additionally, the vCISO became a trusted advisor and assisted with recruiting and hiring key personnel within the security team and technology teams. Regulatory Checkbox Case Study #2 www.cycoresecure.com

A small company needed to mature and increase its security posture but was not ready to hire a full-time CISO into the organization and chose to hire a vCISO to lead the organization on this maturity. This allowed the organization to hire a security engineer and analyst to assist with the deployment and maintenance of key security controls, that otherwise they may not have had the budget for if they hired a full-time CISO. Scope: Assist with developing security strategy and awareness within the organization. Manage risk across internal operations, vendors, and software development. Rapidly improve the incident response capabilities of the business. Notes: The contract was for 24 months, as the organization wanted to create some stability with their vCISO and did not see being ready to hire a full-time CISO in the short term. Initially, the vCISO came into the organization with no supporting technical resources and was tasked with reviewing the organization’s posture, business goals, and legal requirements to build a strategic roadmap. This took about 6 months to complete, at which time the focus turned to hiring the two additional resources and implementing key tools and controls within the organization. Increasing Visibility & Awareness for Consumer Tech Firm Case Study #3 www.cycoresecure.com

Questions? [email protected] www.cycoresecure.com