サイバーセキュリティクラウド（4493） – (Delayed)Financial Materials for FY2022 1Q

F i n a n c i a l M a t e r i a l s f o r F Y 2 0 2 2 1 QCyber Security Cloud, Inc.Growth Market of TSE: 4493May 13, 2022Executive Summary⚫ Sales and profit kept growing due to the improvement of the core products Shadankunand WafCharm.⚫ Churn rates were kept low and consolidated ARR exceeded 2 billion yen.Net Sales(1Q）P5ARR(annual recurring revenue)P7P6523 million yen2.02 billion yenup 24.7% year on yearup 26.3% year on yearOperating Income(1Q)P5Churn RateP897 million yenup 7.5% year on year1.07%0.83%(C) Cyber Security Cloud , Inc. 20222Table of ContentsⅠⅡⅢⅣⅤOverview of the Financial Results for FY2022 1QTopics of FY2022 1QGrowth Strategy for 2025Company OverviewBusiness Environment Surrounding CSC413172441(C) Cyber Security Cloud , Inc. 20223IOverview of the Financial Results for FY2022 1Q(C) Cyber Security Cloud , Inc. 20224Overview of Resultsstably.rose 21.3% year on year.⚫ Net sales increased 24.7% year on year due to the performance of core products grew ⚫ Due to the extraordinary income arising out of the relocation of our office, net income (million yen)Net SalesGross ProfitOperating IncomeOperating Income Margin [%]Ordinary IncomeNet Income1Q of FY20211Q of FY2022 Year-on-year420294909259523369971007221.6%18.6％-3.0 pt(For Reference)Consolidated Forecastfor FY2022+24.7%2,300+7.5%390+25.7%+8.5%+21.3%–387259(C) Cyber Security Cloud , Inc. 20225Variation in ARR⚫ Consolidated ARR exceeded 2 billion yen.⚫ As the ARR of each product grew steadily, consolidated ARR increased 26.3% year on year.(million yen)SIDfmManaged RulesWafCharmShadankun1,122 45 201 1,044 36 166 941 31 121 867 22 88 755 788 841 874 669 3 39 764 12 68 626 684 YoY+26.3%2,022 1,883 154 141 1,812 149 128 430 474 163 160 551 1,602 144 105 347 1,667 148 103 385 1,354 81 306 1,241 77 249 915 966 1,004 1,029 1,103 1,113 1,147 1Q2Q3Q4Q1Q2Q3Q4Q1Q2Q3Q4Q2019202020211Q2022ARR: Annual Recurring Revenue. It is calculated by multiplying the MRR at the end of the month concerned by 12 to convert it to an annual amount. MRR stands for Monthly Recurring Revenue in a subscription-based model and is the sum of the monthly recurring revenues from existing customers. (C) Cyber Security Cloud , Inc. 20226Variation in the Number of Users⚫ The number of users of all products grew steadily. After the acquisition of Softek as a consolidated subsidiary, the quarterly augmentation of the number of users hit a record-high (+345 users).(No. of users)SIDfmManaged RulesWafCharmShadankun2,8761,5582,5681,3732,2281,1051,928857226 272 320 392 1,502547157 7981,218337122 7597693862 66994614382 721YoY+37.6%4,5741394,2291353,9371292,5882,3722,1673,6111293,3251271,9601,771471 527 586 657 743 8458518759269569951,0551,0651,1041Q2Q3Q4Q1Q2Q3Q4Q1Q2Q3Q4Q2019202020211Q2022(C) Cyber Security Cloud , Inc. 20227Low Churn Rates of Shadankun and WafCharm⚫ There are not much change in the churn rates of both products, and we will aim to keep the churn rate stably low.⚫ Major reasons for cancellation were associated with closure of websites and end of contracts between partners and end users.Churn Rate of Shadankun*1Churn Rate of WafCharm*25.00%4.00%3.00%2.00%1.00%0.00%5.00%4.00%3.00%1.00%0.00%1.07%1.35%1.07%2.00%1.59%0.92%0.83%1Q2Q3Q4Q1Q2Q3Q4Q1Q1Q2Q3Q4Q1Q2Q3Q4Q1Q20202020年20212021年20222022年20202020年20212021年20222022年1* Produced based on the average MRR churn rate of each product in the last 12 months.MRR churn rate is calculated by dividing the MRR lost in the month concerned by the MRR as of the end of the previous month.2* Average churn rate in the past 12 months. Churn rate was calculated by dividing the cancellation number of users in the latest year in the nth term by the number of users in the (n-1)th term.(C) Cyber Security Cloud , Inc. 20228Variations in Sales⚫ Recurring revenue ratio is stably over 90％ and supporting a steady revenue base.⚫ The quarterly number of orders received hit a record high at 1Q and is expected to keep increasing considerably. (million yen)Other revenue*1Recurring revenue*2194918416710157217720931372837260723752312532763053487341YoY+24.7%523334973146524*342029432213904114664904411Q2Q3Q4Q1Q2Q3Q4Q1Q2Q3Q4Q2019202020211Q2022*1 Total sales, including the initial installation costs for Shadankun and spot contracts for vulnerability diagnosis, etc.*2 Sum of MRR values for Shadankun, WafCharm, Managed Rules, and SIDfm.*3 From 1Q of 2021, the sales of Softek are included. (C) Cyber Security Cloud , Inc. 20229Variation in Operating Costs (Cost of Sales and SGA)⚫ All kinds of costs augmented in parallel with the expansion of business performance.⚫ In 2Q, costs are projected to increase due to the relocation to the new office and recruitment.(million yen)OtherOutsourcing costsAdvertisement costsR&DRecruitment/education costsPersonnel costsTelecommunication costsNet Sales167138 26 13 6 11 1 57 20 1Q194151 28 16 8 12 5 54 25 2Q217166 26 23 7 11 8 59 28 3Q23744 24 13 14 23 60 36 4Q216 217 26030 29 13 13 10 69 50 1Q283222 30 25 9 17 8 81 49 2Q420432329 *331 48 32 19 26 9 55 1Q48 24 25 27 3 57 2Q313249 36 31 8 22 12 89 49 3Q348302 41 32 42 24 7 99 52 4Q137 143 152 159 497486 65 74 56 32 28 465373 51 36 32 29 8 62 3Q68 4Q523426 68 43 43 22 1 174 71 1Q2022201920202021*The 4Q of 2020 shows the nonconsolidated basis amount. From 1Q of 2021, the expenses of Softek are included.(C) Cyber Security Cloud , Inc. 202210Employees who Support the Growth ofCyber Security Cloud⚫ The number of employees dropped from the end of Dec. 2021 but is expected to increase in 2Q by mainly recruiting engineers.⚫ To accelerate business growth, we strengthened our organizational structure by utilizing a variety of personnel, including freelancers.7876(Employees)CorporateSales marketingEngineers3059End of Dec. 2019End of Dec. 2020End of Dec. 20211Q of 2022(C) Cyber Security Cloud , Inc. 202211(For reference) Major KPIs of Each Product202120221Q2Q3Q4Q1QARR (million yen)*11,0041,029No. of client enterprises*2Churn rate (%)ARR (million yen)No. of users*3Churn rate (%)ARR (million yen)ARR (million yen)No. of users9561.353474710.921051441279951.163855270.841031481291,1031,0551.074305860.761281491291,1131,0651,1471,1041.214746570.771411541351.075517430.831602,5881631392,022No. of users1,7711,9602,1672,372YoY+14.2%+15.5%-0.28 pt+58.5%+57.7%-0.09 pt+52.4%+46.1%+13.3%+9.4%+26.3%TotalARR (million yen)1,6021,6671,8121,883*１ Calculated by multiplying the MRR at the end of the month concerned by 12 to convert it to an annual amount. MRR stands for Monthly Recurring Revenue in the subscription model and means the total monthly recurring revenue from existing customers.*２ Calculated from the average MRR churn rate in the latest 12 months. MRR churn rate means the virtual churn rate obtained by dividing the MRR lost in the month concerned by the MRR at the end of*３ Average churn rate in the past 12 months. Churn rate was calculated by dividing the cancellation number of users in the latest year in the n-th term by the number of users in the (n-1)ththe previous month.term,(C) Cyber Security Cloud , Inc. 202212ⅡTopics of FY2022 1Q(C) Cyber Security Cloud , Inc. 202213The Uncertain Social Situation Raised Interestin Cyber Attacks⚫ Some government ministries and agencies warned people against the growing risks of cyber attacks.⚫ The number of searches for cyber attacks increased over 10 times year on year, indicating that the issue of cyber attacks is now a popular topic.Geopolitical riskVariation in the number of searchesfor “cyber attacks”The number of searches increasedover 10 times year on year*.Increase of cyber attacks to domestic enterprisesNew vulnerabilitiesUnder these circumstances, as many as seven government ministries/agencies issued a warning in their joint names. Such a warning is very rare nowadays.**Ministries and agencies that issued a warning: METI, Financial Services Agency, MIC, MHLW, MLIT, NPA, and NISChttps://www.soumu.go.jp/menu_kyotsuu/important/kinkyu02_000470.html2021 1Q2021 2Q2021 3Q2021 4Q2022 1Q*Produced by our company based on the data of Keyword Planner. (C) Cyber Security Cloud , Inc. 202214Partner Strategies in Which Active Initiatives Paid Off⚫ As the first step of the priority measure, we implemented measures for training partners. As a result, the number of orders received via our business partners hit a record high.⚫ We will keep supporting our partners strongly by utilizing our knowledge actively. Supporting measuresTo hold CSC Partner Academy*To increase new partnersTo cement the cooperation with major partnersin sale*Study session regarding the security market, marketing/proposing know-how, and products hosted by our company.(C) Cyber Security Cloud , Inc. 202215Vulnerability Management Tool SIDfmis Expected to Grow⚫ We have acquired Softek, and the product lineup has expanded.⚫ Due to the enhancement of our marketing measures, the number of inquiries hit a record high in April.Variation in the number of inquiries about SIDfmThe number of inquiries hita record high.Primary measures•••To hold co-hosted seminarsTo upgrade the service websiteTo distribute information with e-mail newslettersApr. 2021Jan. 2022Apr.Integrated marketing functions(C) Cyber Security Cloud , Inc. 202216ⅢGrowth Strategy for 202517Growth Strategy for 2025We provide services trusted around the worldas a global security company from JapanTo make our services adopted by 10,000 companiesto become the top domestic security company in the Web security field.As a financial target, we aim for sales of 5 billion yen and an operating income of 1 billion yen. To accelerate global expansion to raise overseas sales ratio to 10%.(C) Cyber Security Cloud , Inc. All Rights Reserved.18Financial Target (1) Sales of 5 Billion Yen⚫ We aim to achieve sales of 5 billion yen to become the top domestic security company in the Web security field by making our services adopted by 10,000 companies.⚫ The target of the global sales is 10% of total sales and we will pave the way for subsequent business expansion.（100 million yen）その他OtherWafCharm（海外）(overseas)WafCharm（国内）(domestic)攻撃遮断くんShadankunCAGR30%or more50105152040Priority measure➌lineup✓ Enhancement of the service New solutionsWafCharmShadankunPriority measure❷✓ Global expansion of WafCharmPriority measure❶partners✓ Improvement of support for 30231834112019年2020年2021年2022年2023年2024年2025年(C) Cyber Security Cloud , Inc. All Rights Reserved.19Financial Target (2) To Increase Operating Income over 3 Times to 1 Billion Yen in 2025⚫ We will enhance recruitment of mainly development and sales personnel to implement each priority measure.⚫ We expect to achieve an operating income of 1 billion yen in 2025 by raising awareness through upfront investment in activities such as aggressive marketing.⚫ We will flexibly make investment decisions in response to changes in the domestic security market and investment opportunities in the global market.(100 million yen)10over 3 times the operating income in 20213.92.91.41.82019202020212022 (forecast)2025(C) Cyber Security Cloud , Inc. All Rights Reserved.20Priority Measures (1) To Improve the Support for Partners⚫ We will improve the sales network based on partnerships to increase users at an accelerated rate.direct sales organization.⚫ We will focus on partners’ success while utilizing the know-how we accumulated in the To focus on partnership-based successwhile strengthening the CSC partner support organizationTo acquire new partnersTo improve existing partnerships✓ Expansion to major cities nationwide✓ To support bundled sales with our ✓ To secure a wide range of partners such as cloud vendors and system integratorsin-house services✓ To increase the number of CSC products handledPartnership-based success means the maximization of value offered to end users via partners by providing partners with information and supporting them in sales activities so that they will understand CSC products.(C) Cyber Security Cloud , Inc. All Rights Reserved.21Priority Measures (2) Global Expansion of WafCharm⚫ By improving our partner rank in each cloud service, we will be able to implement stronger measures.⚫ In addition to increasing the recognition among cloud users, we will collaborate with leading global sales partners.Improving partner rank *1Strengthening relationships with cloud providers *2Direct salesPartner salesIncrease sales by raising awareness among cloud usersPromote allianceswith sales partnersin each country* 1 Generally, improving the partner rank certified by the cloud operator will open the door to increasing exposure at co-sponsored seminars and events, joint sales, etc. Furthermore, to improve the partner rank, it is necessary to reach specific sales results, acquire technical ability certifications, and qualifications, etc.* 2 Providers of cloud platforms such as AWS, Microsoft Azure, and Google Cloud Platform(C) Cyber Security Cloud , Inc. All Rights Reserved.22Priority Measures (3) Improving the Service Lineup⚫ As the importance of measures against vulnerability increases, we will maximize the value provided by SIDfm by leveraging CSC’s business development capabilities.⚫ We will develop new services to solve users’ issues and enhance the service lineup to become a comprehensive solution company for Web security.Continuous launchof new servicesIncreasing the awareness of SIDfmand improve its functions Stable growth of main products(C) Cyber Security Cloud , Inc. All Rights Reserved.23ⅣCompany Overview(C) Cyber Security Cloud , Inc. 202224Company SummaryCompany NameCyber Security Cloud, IncEstablishedAugust 11th, 2010Listing DateMarch 26th, 2020RepresentativeRepresentative CEO Toshihiro KoikeRepresentative CTO Yoji WatanabeSenior ManagementDirector CFO Masafumi Kurata (CPA)Outside Director Yoshinori Ikura (Lawyer)Outside Director Yoshio IshizakaFull-Time Auditor Daichi Seki (CPA)Outside Auditor Ikuo MurataKenta IzumiOutside Auditor Head OfficeCurrent: 3rd floor of VORT Ebisu maxim, Higashi, Shibuya-ku, TokyoNew: 13th floor of JR Tokyu Meguro Bldg., 3-1-1 Kamiosaki, Shinagawa-ku, Tokyo (from May 16, 2022)BusinessDevelopment and provision of cyber security services using Artificial IntelligenceSubsidiaryCyber Security Cloud Inc. (USA)*We acquired Softek Co., Ltd. on Apr. 1.No. of engineersAbout half of employees*Global* as of the end of March 2022Based in two regions: Japan and USAJ a p a nU S A25Corporate PhilosophyCreating a cyberspacethat people around the world can use safely and securely(C) Cyber Security Cloud , Inc. 202226Corporate Security can be Classified into Two TypesCorporate securityWeb securitySecurity of PCs and in-company networksSecurity of websites accessed by everyone, etc.27What is WAF (Web Application Firewall)?⚫ WAF is a security service for blocking attacks to websites.⚫ We block attacks from hackers, based on the rules (signatures) that summarize attack patterns. ⚫ Since new patterns of attacks emerge one after another, it is important to keep the precision of signatures high.General viewersHackersSignatureWebsite(C) Cyber Security Cloud , Inc. 202228Our Service Lineup⚫ Domestic security manufacturer that provides secure environment with its own development and support.Cloud WAFAutomatic public cloudWAF operation serviceSet of rules exclusively for AWS WAFTool for collecting and managing vulnerability informationAWS WAFManaged RulesTool for visualizing and blocking cyber attacks to websitesAutomatic WAF operation tool for AWS, Azure, and Google Cloud based on AISet of rules exclusively for AWS WAF unique to Cyber Security CloudService of collecting vulnerability information and providing patch information and attack avoiding methodsDomesticmarket share*1No.1No. of users ofthe automatic AWS WAF operation service in Japan*2No.1No. of users who Adopting the tool2,588in over*370 countriesMarket share for vulnerability information provision servicesAmount ofvulnerability information providedNumber of original contentson vulnerability*4No.1in Japan+1 Surveyed by JMRO; Outline of the survey: Survey on results in FY 10/2021+2 Surveyed by JMRO; Outline of the survey: Survey on results in FY 7/2020*3 As of March 2022*4 Surveyed by JMRO; Outline of the survey: Survey on results in FY 8/2021(C) Cyber Security Cloud , Inc. 202229Strengths of the Cloud WAF Shadankun24/7 satisfactory supportin Japanese✓ Dedicated operators support customersin Japanese 24/7✓ Easy-to-understandmanagement window in Japanese✓ Reliable technical support for installationAccurate security measures正確なセキュリティ対策✓ Mounted with an AI enginefor detecting attacks✓ Misdetection is rare✓ Utilization rate: 99.999%Speedy and easy installationReliable domestic services✓ Can be installed without changingthe current system✓ Compatible with variousweb systems✓ Can be installed in a dayat the earliest✓ All the development, operation, andsupport are dealt inhouse in Japan✓ Swift support, including responseto misdetection✓ Services tailored to security in Japan(C) Cyber Security Cloud , Inc. 202230WafCharm for Reducing the Burden on Engineers⚫ WafCharm is a tool for automatically operating WAF for the three major public clouds in the world*. ⚫ It can reduce the man-hours of engineers for operating WAF inhouse.⚫ Currently, we offer it in Japan and the U.S., and plan to spread it globally further.Before installing WafCharm(in-house operation)After installing WafCharmMonitoring andscrutinizingSignature adjustmentPublic cloudWAFPublic cloud WAFoperated by WafCharm・Requires advanced technical knowledge・Monitoring new vulnerabilities is a must・Signatures are developed in house・No need for advanced technical knowledge・Latest vulnerabilities are monitored by us・Latest signature is appliedSignificant burden on engineersReducing burden on engineers*AWS, Microsoft Azure, and Google Cloud (Canalys “Global cloud services market reaches US$42 billion in Q1 2021”)(C) Cyber Security Cloud , Inc. 202231AWS WAF Managed Rules, used Around the World⚫ A set of rules exclusively for AWS WAF, which can be purchased in AWS Marketplace.⚫ We have users in over 70 countries and regions, and global users account for over 50%.Europe0349Africa013Asia01,440(1,246 in Japan)Oceania0105NorthAmerica0566SouthAmerica0115Total number of users: 2,588(as of the end of March 2022)(C) Cyber Security Cloud , Inc. 202232SIDfm, an All-in-one Tool for Dealing with Vulnerabilities⚫ Tool for identifying necessary information from all kinds of vulnerability information and visualizing countermeasures and progress.⚫ Streamline client’s security management operations by vastly reducing the man-hours for collecting vulnerability information and collectively managing the progress.Collectionof vulnerability informationIdentificationof necessary informationEvaluationof the degree of impactHandle and Correct vulnerabilitiesRecordand ManageprogressCases of managing vulnerabilities using productsTools&manual operationManual operationToolsManagement and operation with multiple tools and manual operation are cumbersomeUnified management with SIDfm(C) Cyber Security Cloud , Inc. 202233Major Cases of Cyber AttacksDDoS attacksMultiple computers send a huge amount of access and data to a target server.SQL injectionAn improper string of letters is input to attack the database of web apps.Cross site scriptingA trap is set on a specific website to lead users visiting the website to another vulnerable website and steal personal information.Zero-day attacksAttacks carried out during a period from the discovery of vulnerabilities to the application of fixed programs and corresponding patch.Brute-force attacksTo find a password, all theoretically possible patterns are entered.Password list attacksUsing the already obtained IDs and passwords, they try to access a website and log in illegally.(C) Cyber Security Cloud , Inc. 202234Cases of Damage Done to Websites Through Cyber Attacks⚫ Cyber attacks could affect corporate business activities in various ways, leading to the leakage of personal information, the decline in stock prices, and shareholder derivative suits.Loss ofSales OpportunityDamagingBrand ImageCompensation for Damages(about 630 million yen/case*1)Leakage ofPersonal InformationDecline in Stock Prices（10％ on average*2）ShareholderDerivative Suits* 1 Source：JNSA 2018 “ Survey Report regarding Information Security Incident” * 2 Source：JICI “Quantifying Cyber Risk Survey which can be used in discussions at Board of Director meetings”35Concrete Examples of Information Leak⚫ A lot of information leaked in various fields. Before the full enforcement of the amended Act on the Protection of Personal Information, all enterprises need to fortify cyber security.FieldDescriptionNo. of pieces of informationInformation/telecommunicationDue to the unauthorized access by a third party, the business information of affiliates and the information on employees leaked.About 20 millionAir transportationA database on customer information was accessed improperly, and the data on names, member numbers, and statuses leaked. About 1 millionEducationSystem servers suffered cyber attacks, and information on the use of the servers leaked.About 43,000FinanceSmartphone apps for members suffered cyber attacks, and customer ID information was accessed improperly.About 16,000Electric power /gas Provided apps suffered unauthorized access, and email addresses leaked.Electric devicesCloud servers suffered cyber attacks, and some information on business partners leaked.Food productsEC sites suffered unauthorized access, and membership information leaked.Land transportation EC sites suffered unauthorized access, and card information leaked.MediaEC sites suffered cyber attacks, and personal information leaked.About 10,000About 8,000About 5,000About 3,000About 1,00036Recurring Revenue Based, SaaS Type Business ModelPercentage of recurring revenue accounting for overall sales of our GroupHigh growth rate94.3 %Recurring revenueOther revenue*Ratio of MRR for the past year (At the end of March 2022) to sales of our GroupAwarded 21st place in Deloitte Touche Tohmatsu Limited’s Japan Technology Fast 50Recorded a profit growth (Net Sales)of 114.3％ in 2021Stable profit from continued billingLow churn rateNew contracts contribute heavily to the sales ofthe following year.NewHigh proportion of recurring revenue and lowchurn rate secure a stable profit.Churn rate of Shadankun *11.07％Churn rate of WafCharm *20.83％At the end of March 2022At the end of March 2022Continuous contracts1* Produced based on the average MRR churn rate of each product in the past 12 months.MRR churn rate is calculated by dividing the MRR lost in the month concerned by the MRR as of the end of the previous month.2* Average churn rate in the past 12 months. Churn rate was calculated by dividing the cancellation number of users in the latest year in the n-th term by the number of users in the (n-1)th term.37Voices of UsersInterfactory, Inc.(Securities code: 4057)Development and operation of the cloud commerce platform “ebisumart”coconala Inc.(Securities code: 4176)Development and operation of “coconala,” a flea market for skillsThe largest share in the cloud EC market *1The largest number of client companies and sites in the cloud WAF market *2The largest skill market in JapanThe largest number of userswho adopted the service of automaticallymanaging AWS WAF in Japan *3As customers are highly aware of cyber security, I thought that WAF, which builds a wall outside a system to block cyber attacks, is an effective option and reassures customers. We chose Shadankun, because it can be applied flexibly to extraordinary, complex systems like ebisumart, which is operated by multiple stores with multiple servers while WAF rules need to be adjustable at each store. After installation, it requires few man-hours for management and operation, so the workload is light.Interfactory is now able to notify customers that it has implemented security measures to a sufficientdegree.Some frameworks were old versions, and I considered that any problem during the shift to new frameworks would produce significant trouble. However, it was difficult to offer security patches from our resources, so we decided to adopt WAF for security measures. With WafCharm, it became much easier to operate AWS WAF.By leaving the operation of AWS WAF to WafCharm, it became unnecessary to allocate resources to security measures anymore. Their support is perfect, and they deal with our worries and questions smoothly in a satisfactory way.CTO Ken MizunoDevelopment Dept. Head Kunihiro Okamoto*1 Source: Fuji Chimera Research Institute “New software business market in 2020－In-depth survey on major packages and SaaS in Japan” ＜EC site development tool/SaaS (cart-less type)> *2 Source: Surveyed by JMRO; Outline of the survey: Survey on results in FY 10/2021*3 Source: Survey by JMRO (Survey in the term ended July 2020）38Some of Our Client Companies⚫ Security needs grew regardless of industry, scale, and business, and various enterprises have adopted our services.Finance/public offices, corporations,and groupsIT and servicesMedia and entertainmentTransportation and constructionManufacturersHuman resources39Competent Sales Partners who Support the Sales Promotion of Our Services⚫ We offer products to a broad range of users via many sales partners.⚫ We aim to increase sales partners, to expand our sales network.AWS Premium Service Partners（Among 12 companies, 6 companies are our partners.）** The top-ranked partners of AWS that possess advanced technical knowledge of the design and development of AWS Workload and significantly contribute to the business expansion of many clients. (C) Cyber Security Cloud , Inc. 202240ⅤBusiness Environment Surrounding CSC41Ever-increasing Cyber Attacks⚫ In parallel with the increase of users of the Internet, the number of cyber attacks is growing. ⚫ Through the acceleration of DX, cyber attacks are projected to increase further. Communications related to cyber attacks [100 million packets]Total number of packets per IP address per year1,281 1,504 3,220 2,121 5,001 545 2015201620172018201920202030Produced by our company with reference to “NICTER Observation Report 2020” by Cyber Security Research Institute of NICTAcceleration of DX(C) Cyber Security Cloud , Inc. All Rights Reserved.42Low WAF Adoption Rate Among Small, Medium, and Second-tier Enterprises⚫ WAF is common among top-tier enterprises with 5,000 or more employees.⚫ Meanwhile, most of enterprises with less than 5,000 employees have not adopted WAF. There is significant room for increasing the adoption rate.Classification of enterprises according to the number of employeesWAF adoption rate in 2020*1Top-tier5,000-Second-tier1,000-4,999Middle-tier100-999Small and medium-sized-995,001,00100～～99人72.0%33.3%12.7%Significant roomfor growth3.2%*2* 1 Produced by our company with reference to “Survey on the Trend of Use of Communications Services in 2020” by Ministry of Internal Affairs and Communications * 2 Surveyed by our company(C) Cyber Security Cloud , Inc. All Rights Reserved.43Cyber Security Measures Required in Parallel with DX⚫ The Cyber Security Strategy for the Next Term (provisional), approved in September 2021, indicates that the measures for DX and cyber security will be implemented at the same time.▼ Taken from the press release on “The Cyber Security Strategy for the Next Term (provisional)” by Cyber Security Center of the Cabinet dated July 7, 2021: https://www.nisc.go.jp/conference/cs/dai30/pdf/30shiryou01.pdfMajor concrete measures ① To raise executives’ awarenessTo visualize activities and give incentives in accordance with the guidelines for cyber security management through implementing the course of action for digital business administration, and promote further activities② To promote DX with cyber security in regions and SMEsTo deal with the shortage of knowledge, personnel, etc. for digitalization through the growth local communities and the system for examining and registering services for SMEs ③ To develop a foundation for securing the reliability of the supply chain, etc. To carry out various activities while considering the framework compatible with Society 5.0, etc. Supply chain: Consortium led by the industrial sectorDistribution of data: Defining data management and securing of data reliability in trust servicesSecurity products/services: Popularization of a third-party assessment serviceCutting-edge technology: Development of common infrastructure to gather, accumulate, analyze, and provide information④ Improvement and retention of digital/security literacy of everyoneTo carry out various activities while linking them with support for utilization of digital technology, as information education is being promoted. 44Activities of the Japanese Government for Cyber Security⚫ Digital Agency will be established in Sep. 2021, and the amended Act on the Protection of Personal Information will be fully enforced in Apr. 2022.⚫ All Japanese enterprises will be required to take more effective security measures. Establishment of Digital AgencyFull enforcement of the amended Act on the Protection of Personal Information ⚫ Digital Agency will start operations in Sep. 2021.⚫ Management of personal information with the Social Security and Tax Number system⚫ Promotion of use of IT in medical and educational fields⚫ Full enforcement in Apr. 2022⚫ It will be obligatory to report to the personal information protection commission and to notify individuals.⚫ The penalties on corporations became severe. (up to 100 million yen, enforced in Dec. 2020)More effective security measures are required(C) Cyber Security Cloud , Inc. All Rights Reserved.45Regarding the Amended Act on the Protection of Personal Information⚫ If information leaks, it will be necessary to report it to the personal information protection commission and notify those whose information has leaked. Which means the statutory penalty was raised, and the penalty on corporation became severe.Leak of information or its riskReportMandatoryPersonal information protection commissionNotifyIndividuals whose information has leakedIn case of violation of an order from the personal information protection commission*The penalty on corporations will be up to 100 million yen.Items that need to be reported to the commission and individuals whose information has leaked set forth in the regulations of the personal information commission because there is a greater risk of harming the rights and interests of individuals① Leak of personal information that needs to be handled carefully (such as data on health checkups and medical histories)② Leak of personal information that may cause damage to assets when used improperly (such as credit card information)③ Leak that may have been caused for a nefarious purpose (such as unauthorized access and hacking)④ Leak of personal information on over 1,000 individuals * Violation of an order from the personal information protection commission, unauthorized provision of a personal information database, etc. (C) Cyber Security Cloud , Inc. All Rights Reserved.46Broad Cyber Security Market⚫ Our company has the largest share in the domestic market, but our share is less than 1% in the entire market, so there is significant room for expansion.⚫ The progress of DX will become a growth factor for us.Overseas marketabout 12.8 trillion yen*1Domestic marketabout 300 billion yen*2Factors inmarket growth・Increase of websites・Promotion ofcloud services・Increase ofcyber attacks・Improvement in WAFadoption rateProjected CSC sales in FY2022About 2.3 billion yen47*1 Estimated by our company from the number of corporations in the world: 213 million (Statista “Estimated number of companies worldwide from 2000 to 2020”) and the most affordable plan ofWafCharm (5,000 yen/month) for 12 months.*2 Estimated by our company from the number of corporations in Japan: 2,758,420 (National Tax Agency “Company Sample Survey in 2019”), the ratio of companies that have opened a website (MIC “Reporton the trend of use of information and telecommunication technology in 2020 (for enterprises)”), and the most affordable plan of Shadankun (10,000 yen/month) for 12 months. Position of Our Company in the Cyber Security Market⚫ In the Japanese security market, which is filled with foreign products, our company is one of a few Japanese makers that develops, operates, and sells products.WebsecurityServiceconsultingtradingcompaniesMany security enterprisesOur ownproductsCompanyACompanyBCompanyCCompanyDIn-house securityPosition of CSC① Our own productsWe handle our own products developed by our engineers. We can provide our products flexibly according to customer needs through in-house development and operation.② Web securityDiffering from the security services for protecting PCs and networks, our services protect corporate websites.48DisclaimerThrough preparing this material, our company assumes that the information we were able to collect is complete and accurate. but we do not warrant or represent either the accuracy or the completeness of this information. Also, the assumption or the outlook of future dates after this information is released, may include assumptions based on plans but these information regarding the future is built on rational decision making based on information we have collected, and the information does not mean that we will warrant the achievements. The different between assumptions and actual achievements may be influenced by change in the economy, customer needs, user preference, competition between competitors and laws and other various changes. Due to many of these factors, there is a possibility that these results may vary. Furthermore, upon releasing this material, we do not have any obligation to update or revise this material in the case new information or future events occur.To create a secure cyberspace that people around the world can use safely49