Bringing cyber to the Board of Directors & C-level · Bringing cyber to the Board of Directors & C-level and keeping it there Dirk Lybaert, Proximus ... website, contact centers,

Bringing cyber to the Board of Directors & C-level

and keeping it there

Dirk Lybaert, Proximus

September 9th 2016

Dirk Lybaert

Chief Group Corporate Affairs

We constantly keep people connected to the world so they can live better and work smarter.

5

€ 6 billion

Underlying Revenue

€ 1,7 billion

Underlying EBIDTA

€ 1,53 billion

Contribution to the Belgian state

€ 1 billion

Investments

14,000 FTE’s

6

Towards the best mobile experience and seamless connectivity

Secure sharing with our own Cloud and Security

expertise

A full range of Communication &

Collaboration platforms

Rich and varied content available on all screens

A superior customer experience through all channels:website, contact centers, retail outlets, email and social media

WAN-LANConnectivity

Network-basedCommunications

Professional Services

Datacenter Infrastructure

Network-enabledServices Internet of Things

Telco IT

Communication& Collaboration

Security

Cyber Security has always been a priority for Proximus

Manage risks

Protect customer’s information & company assets

Business continuity

Legal & regulatory compliance

Offer safe & secure solutions

Securityportfolio

Safe & secureservices

&

September 16th , 2013

29 August 2016 Sensitivity: Internal use only 12

It started 2,5 months earlier

when we detected a malware

In close collaboration with the authorities

2 months

200 people

26,000 systems scanned

Successful clean-up operation

Minutely precision

One weekend

You have no other choice

Strong involvement of top management

You must be prepared

CSIRT

Fast response

Cross-functional crisis management team

Steering bytopmanagement

Collaboration with key stakeholders

Communication is key

Multiple stakeholders

Intensive preparation

Timely & transparent

Based on known & verified elements

Don’t enter into speculations (the press will do for you…)

Preserve legal investigation

and real accelerator

Turning this experience into learnings

A strong response

Innovation

Company Culture

Competitive Market Dynamics

Business Model Evolution

Product & Serviceperformance

Customer Experience

Long term Ambitions VsShort Term Return

Legal/ Regulatory

Equipment & Technology

Employees Skills &Motivation

HR cost & flexibility

Environmental Liability

Macro- Economic factors

Partnership & M&A

Image & Brand perception

Compliance & data privacy

Hacking & Cyber attacks

Disasters

Supply Chain

Political Evolution

0102030405060708090

100

Hacking & Cyber attacks

Reviewed by ExCo & Audit Committee

Proximus cyber security program

Purpose

46 million € investment 2014-2017

reduce risks on information security

detect faster the incidents and provide

an effective response

Company transversal approach

Steering by ExCo & regular reporting to Board of Directors

5 pillars

Culture

Governance IT Telco Cyber Defense

1 2 3 4

5

Policies

Architecture

Compliance

Organization

Strategy

Risk management

Security in development lifecycle

Security testing

Suppliers

Awareness campaigns

Education

Proximus Cyber Security

Convention

Cyber Security Week

29 August 2016 Sensitivity: Unrestricted 30

Creating awareness among our staff

ExCo& Chairman of the Board@ Proximus Cyber Week

Limit entry points

Limit propagation

Limit risks of theft

Patching/updates

Access control for devices & users

And much more…

Segmentation

Administrator access

Encryption

Monitoring 24/7

Incident response & containment

Threat intelligence

Forensic research

International collaboration

Leveraging our internal expertise to help customers

CSIRT as a service

Response

Readiness

Breach

investigation

Incident

Response

Proactive

diagnosisMonitoring

Proximus CEO launches the Cyber Security Coalition

Academic

Enterprises

Authorities

Joining forces

Belgium European Telco’s Key stakeholders

We are subject to strict regulation

EU General Data Protection Regulation (2016)

European Framework Directive 2009/140/EC-> Belgian Telecom Law (2005)

Privacy Act (1992)

Looking from a business risk perspective

What if your contract would be

leaked?

Demonstrating our company & top management commitment

“If the rate of change on the outside exceeds the

rate of change on the inside, the end is near”

Jack Welch

29 August 2016

Sensitivity: Confidential

43

Security as Enabler for Business Transformation

New Way of Working

Big Data

Internet of Things

Enabling Company

Security as business objective and enabler for business transformation - 3 drivers

& &Offer safe & secure solutions

Securityportfolio

Safe & secureservices

Certification

Enable business transformation

New Way of Working

Big Data

Internet of Things

Enabling Company

Manage risks

Protect customer’s information & company assets

Business continuity

Legal & regulatory compliance

Insurance coverage