 My name is Rasmus Holst, I serve as the Chief Revenue Officer at WIRE, and the topic for today is basically to examine a couple of things. First and foremost, what is actually the risk threat of this happening? Because you can say with a headline like this, this is a significant statement and will not happen to all companies in the world. This has happened to a few, but in minding that, would that actually be applicable to everything from small, medium businesses to the very largest businesses in the world? And is there something you can do to be prepared? And when looking at things like this, especially with companies such as ourselves in the security space, there's a lot of questioning whether this is fear mongering or whether this is just creating a risk that is not true, and what to do about it. I do believe at the end we will also sum some of those things up and kind of try to outline how to do things right instead of taking the blame and the cost when these things happen. Because first and foremost, the one thing that is key to this is that everyone will get hit. It's not just a risk. It is at this point in time almost inevitable. We use this Cisco survey of security capabilities to outline this. You will see that companies with anything from one to 20 systems alone will face that between 30 to 70% of those will actually have a security breach over a 12-month period. And for companies with vendors more than that, that means that larger vendors, but even if you start to think of a small, medium business, 20 systems are not that many. It actually becomes an inevitable risk. And we are seeing this on the rise. So is this a concern for everyone or anyone in the industry? It absolutely is. If you look at where cyber threats actually rank on a scale compared to other business issues that could hit us, something like over regulations, which for decades has been one of the key concerns for CEOs is now no longer the top concern. Cyber threats in the year 2017 to 2018 actually overtook over regulation, terrorism, geopolitical uncertainty and those things. And you can say that on this left picture, these are mostly threats. These are risks to the business. So there must be some views on revenues as well. And we will examine that on the next page as well. But just bear in mind that at this point, the majority of companies will get hit. And by the same token, cyber threats have now become one of the key issues for CEOs and boardrooms across the world. And you can clearly understand that when you then see back to the same Cisco survey what the cost of any of these attacks are. They are anywhere from 500,000 up to 5 million. The ones that we mentioned on the front page are obviously separate cases. But I think they're very telling in terms of what really happens to an organization when something to the tune of a cyber threat or a breach of network where you actually lose control of your network, what really happens there. So in conclusion of kind of starting out, the cyber threats are real. It's becoming a key concern for boards and CEOs. The cost of these is immense. And I found a different survey of small, medium businesses in the US which actually says that post a cyber attack, 60% of small, medium businesses are not in business 12 months later. I think there's a bit of skew in the data possibly. But just think about it, if it was just half of that, the consequences of cyber breaches are violent to any business. So it's a constant and disruptive part of being a CEO today. And that actually is just very quickly highlighted, because this is the board survey from Vice Waterhouse Coopers. You will see on the other end of the spectrum, you will actually see the known ones from the page before, the cyber threats going from 8% concern in 2003 to 63 in 2018. This is in five years. And on the other side of things, you see an uncertain economic growth which would basically be the points that would relate to, can we sell more? Can we grow the business? Can we be prosperous in ways of moving forward? And that means that the risk scenarios now start to outnumber even the economic positive outlook to running your business. And with this being said, it is on everybody's agenda. It is on everyone's lips what can actually happen here. And then let's try and see whether they are actually right. And in real life, they are right. This is for Fortune 1,000 companies. They lost anywhere between 300 million to 50 million are the ones that have been public on record and talking about what really happened when NotPetya hit them. They lost control of the network. And all of a sudden, the entirety of their organization could not communicate, neither by email nor by voice, nor send everyone a message, nor get access to the systems that might have controlled or run and operated some vital functions in the business. So when you're concerned, when this ends up being the key concern for CEOs, then this is actually what really happens to businesses. And especially for Fortune 1,000 companies, these were hit, and the consequences for them were really severe. And this is not to say, when we go back to the first page, that SMBs will not be hit. Because if you really take and add all of this up, you can see that the larger companies get hit with a significant and very publicly real issue, whereas a lot of the SMBs face the issue that they will go out of business. However, when CEOs see that this is a threat and they know there are public stories out there, with not pet you can lose your entirety of your network. Everything can go away, and you can't operate the business. You could say, what is actually the function and the oversight responsibilities of boards in those situations? Boards do have an oversight responsibility to ensure that this is there. This C-level suite of a company of the size of TNT or Merck, they do have an obligation to make sure that those are in place. But what we traditionally have looked at is that we've had a discipline called crisis management, which was for the executives. How do we actually manage this? How do we communicate to the business? How do we make sure that we can communicate to everyone? It also entails if there are earthquakes or anything. All of that is part of the crisis management. If the stock drops, anything like that, is part of the executive task of ensuring that there is crisis management in place. Then you go and ask the business people, what is the business continuity that actually sits underneath you losing control of your network or having a cyber breach? And they will say, yeah, we can restore systems, we have backups, we have all these kind of things, and all of a sudden, and in doing so, you will say they actually have a business continuity plan. And then you have the final discipline, which is the crisis communication, the investor relations and the marketing. And they know how to communicate to the market. They all think that they are ready in terms of the plans they have in terms of communicating, the scripts they have for calling investors and all of that. But how are you gonna call investors when you have no phone system or no messaging system or no communication system at all because your network got compromised? How are you gonna inform the organization that this just happened when you have no communication? You have no way of pinging them because business continuity is still working on getting all of that up and running. And that is part of business continuity, but that means that crisis management and crisis communication cannot take place. So you're now in a situation where you need to have a look at how do we actually communicate? Because the crisis management plan without communication is worth very little and the same with the crisis communication. So when there's this need for boards and executives to really communicate, what really happens here? Musk, for instance, thought very clearly that they had all of these plans in place. But what happened with North Petra was that for 10 days, they were not actually able to operate neither their ports nor their internal, their internal systems nor their internal processes. And they were not able to consistently give an answer to investors and to the market of what they were gonna do and when they were gonna go back in normal operation mode. So when you're actually in a situation where you for 10 days lose control of your network and you've lost all internal, the traditional history of we will put everything on premise because that is more secure. We know exactly what's gonna happen. We have control of it and we can manage it. Goes out the window. You start to look to the public cloud to see is there anything out there that can help us? What can we actually do to get over this crisis? What can we do to call the people who are managing our ports and tell them what to do? In this situation, there was really nothing that was available for them to get hold of. So what did you actually start to do? You look to the public internet. What's available in our app store? What's available on Google Play? How can we start to get business entities up and running again? And we look at our private lives. And in today's day and order, we basically look at what do we have on our phones? A lot of us will be on WhatsApp, on Facebook or anything like that. And you go and think, hey, what a great idea. We can actually use WhatsApp because that can send a message. It can communicate. It can even make calls. So why don't we do that? Because it's both free. It's easy. It can save a burning platform. And the one thing that's key here is that it does not really require training. They're built as consumer products and therefore not as cumbersome internal IT systems. And therefore they can be available on demand with no training. A key risk management issue when this happens because you do not have time to train 900, nor thousands, nor tens of thousands of people in one go when this happens, you basically have to be ready with a product that is so easy to understand, so easy to navigate, so easy to use that it doesn't require any training and likely has to be available on demand either as a standby or available from App Store or maybe even a combination of both. Because the one thing we haven't talked about is that there's one entity which didn't really have a crisis plan. We didn't talk about how we actually would reach our customers. How would you actually reach any external entity? Because so far all of our plans have been internally focused. So let's just continue on the internal focus for a little while yet and look and examine at what really happens here. So now if we go that route, which was also the route that was taken by Merck and the route that we hear from a lot of the companies we talk to in respect to our wire red offering which is this type of crisis collaboration offering, they do go to these commercially available product because they are quick and easy. However, quick and easy comes with a cost. When you traverse that Chasm and go to the platforms that are on the free App Stores you actually take all of your data in your worst crisis and you put them on free commercial based advertising based tools in the worst crisis. So not only do you create a crisis in terms of the actual operation of the company under the new rules like GDPR in Europe or CCPA in Australia or the rules that Singapore and Brazil have either implemented or about to implement. You're actually also violating data management policies and actually violating policies that can get you in a risk of losing up to 4% of your total global revenue. So not only do you create a crisis or does an external entity create a crisis by tearing down your network and holding your ransom for getting that back, but at the same time your employees in the best will and in the best wishes to get the company back up and running are using tools that are basically now compromising your entire compliance system. So now we're creating a double crisis. However, and in creating this double crisis we can just examine what happens in the normal way of business and you will have seen that very publicly announced not too long ago was continental going out and banning what's entirely from the workplace because no company can actually manage the fact that they will take data from the mobile devices, suck up entire databases that you have on your phone of customer information and put that into the WhatsApp cloud. So they had to ban that from day to day work and from the work devices. However, in the crisis where your network is being held ransom, you have no network companies traditionally choose to do exactly that and take WhatsApp and use things like that in that typical type of crisis. So what you really have here is that you're doubling the crisis, you're doubling the risk and you're also doubling the consequences of this actual ransomware attack when it happens because you're doing things that large fortune 1,000 companies are banning in their everyday life. They now just amplify the crisis. So now you do not only have a economic type crisis from your loss of business, you do not only have a cyber threat as a part of this and you do not, but you have also created a compliance risk with great puts at risk up to 4% of your revenue. So the compound of that and the way of doing it that a lot of large companies and a lot of boards have had oversight over that we deal with this problem today is maybe not at all adequate for what you really need to be prepared for. And here's the thing, even when we talk about continental doing it very publicly and going out, having news articles and things written about them doing it in order to say that this is a key aspect of their operating the business. When you look at the Price Waterhouse report that we also used data from before in this webinar, 44% of boards are trying to create greater transparency to use it in storage of data. However, what just happened here, how are we ever gonna be able to remove data from the WhatsApp servers? How are we ever gonna be able to remove it from the Facebook messengers or the public available Skype? You're not. And that means that now we've created a longer lasting crisis than it really needed to be. So all of the privacy, all of the transparency initiatives that you put in motion will basically go out the window at the same time you are being hit with ransomware and cyber threats. So when we then go back and examine what we've learned from the first problem statement, which was it will happen, so get ready. If you then take that problem statement and say, I need to get ready, then let's try and examine five things that we basically learned from the case studies with Continental and Merch from some of the reports. One of the key things is that when you look at your crisis readiness, your crisis collaboration, you need to have a view that it underpins all functions that will be in crisis. One notable absentee in all of this and where there isn't that defined term for what you really do is sales. And do you really think that sales will be unharmed by not having a communication tool? We will examine that a little later, but make sure that when you do something, it actually underpins all of the crisis functions, not just the executive team, not just the investor team or the marketing and investor relations team, and also not just the business IT and business continuity team. The second part that we learned is that people have a tendency to gravitate to easy. What happened in the case of Merch is that people really gravitated towards things that were available on the public internet. They were zero-food print training, so that meant you could get up and running really, really quickly. The next part of that and the third part to the equation is that it's available on demand. That's again, a lesson learned from what happened in the not-patch attacks. People were seeking for things that were readily available on demand to get into a situation where at least functions of calling or messaging or collaborating between the entities, collaborating with externals would actually be available. Finally, the one thing that none of the people who tried to overcome not-patch actually found out how to do was to make it compliant. And here's one thing that has just amplified with the advent of the regulation that this now becomes more and more important to have this part as well. So all of the exams we just had, you can see it from the Continental, they try to make their normal day-to-day business compliant. So you cannot throw that out the window the day you actually get hit. And the final thing is that there is a economic consequence to all of this. The investors will increase confidence and they are similar to the boardrooms. They are looking at how prone are these companies to risk and from a cyber threat because when you see data like the PWC study and over 60% of CEOs say that this is a key aspect of their risk management scenario, then investors will also look to companies and generate more market capitalization for companies that have a communicated, ready and available plan to deliver a crisis collaboration, crisis communication platform to overcome these challenges and not create a double problem. So that is one thing. And now we've discussed all the way up to now how we will deal with this internally. But how do you actually communicate with your partners? Consultants, sales, investors, stakeholders, a lot of the business continuity requires consultants. A lot of the partners would like to be informed that something has happened. Sales would like to keep the orders coming in because otherwise it has a longer term impact on the business. And investors and stakeholders would of course like to know when are you ready, when are you back online and when can we again start to expect normal production of financial results from this company. So you can say one of the parts of the business that was not mentioned in my first slide on which teams actually have a crisis readiness plan is actually mentioned here. It is sales and the customer satisfaction, the customer service, all of the customer-facing relations. Merck in the sense of the not-patch attacks of their losses over $335 million were attributed to loss of sales. That's a phenomenal amount. And says that the traditional way of thinking about how we come out of a crisis is maybe more about collaboration, more about the external world as the cyber threats move and also impacts our external business as well as our internal operations of the business. This becomes a key aspect. And now you have to think about yourself and your business and say, would I actually be willing to offer an external partner and external key sales channel and investor the opportunity to go on to WhatsApp and talk to you through that channel. No, you would not. You would want to find something which is professional, which is secure, which is available to customers outside of the organization that you can still keep that door open, maybe even make sure that in your crisis readiness plan that that tool is more secure than what you normally have because at that point you will be exchanging very sensitive data about your business, about the time to recovery, about your sales, over tools that are maybe not designed for that at all. So here's the revenue side of it because a lot of the time when we talk about cyber threats we talk about the losses and the misses and things that go wrong because that is kind of the way we talk about ransomware and all of those things. But actually think about this and 135 million in overall long-term sales is gonna be a lot of impact also on financial plans going forward. And actually only amplifying the concern for economic growth of the company going on a forward going basis. So that is another part to keep in mind that when you really look at it maybe include the sales and customer service teams in there because a large portion of the risk actually sits with those teams in terms of revenue losses and lack of growth to the business because this ultimately will slow down the growth which again will impact your market capitalization as a large business. And boards and externals they care as well. Of course they care about the market capitalization they care about the governance of the company the compliance of the company and increasingly where they board meeting would be a lot about compliance it would be a lot about the sales and all of those types of things they are increasingly getting involved in the actual work and auditing the security the compliance around that and they do pay more and more attention to these particular areas of the business. So as the cyber threats become more apparent the boards also increasingly demand that you are audited, that you're secure that you're private and you're ready for collaboration in and across the entire business when it actually happens. So in saying so it is a key aspect for everyone involved in the business. So then we go to the key question which always is on everyone's lips. So is this just something where I should pour money into a black hole I should get ready for something that I hope will never happen to me regardless of the fact that we started out with a slide saying it's very, very likely there's a higher likelihood of it happening to you than not. So should I start pouring money into this hole? So I'm not sure that's the answer. I think the answer is that you're pouring money into a hole anyway because if you examine the other side of this where there's risk there's usually also insurance. And one of the fastest growing insurance markets in the current space is cyber insurance because they similarly to everyone else has seen the stats that I started out with where you have a massive growth in risk averseness from CEOs they're getting more and more scared it will happen. And therefore of course the value of the cyber insurance market will be growing as well. And if we look at how much is actually compromised it's about seven billion files on an annual basis. So it's a lot. And the cost to restore here this I put the lowest number. You can research some of the links that I've given below in the presentation but basically $140 per file is the cost to restore including getting it from backup, having consultants help, loss in brand it is kind of a compounded score for a normal file. Things that have higher value say a leaked annual report or anything to that tune can cost all the way up to 50,000. And now I say cost but that is how a cyber insurance will be assessed. So you take how many files are at risk what is the average sensitivity of these and how much can it impact the business if that gets tampered with. So what you're gonna face anyway is that you will have either a decision to make to fix the problem on making the solution right or you will face the consequences by paying a premium on insurance for not being ready. And on that note, the right way of doing that is of course to make sure that before you actually get to anything that's called insurance that you have made sure that you have a solution for the problem. And I gave you prior some of the key aspects of what it takes to put in a solution for such a problem because as I said earlier or also there are further penalties on this on GDPR and also on the amount of companies that actually get hit by this. So in totality when something like this actually is very prone to happen one should start looking around for a solution that underpins the five key aspects that I gave of what it takes to find a solution like this. So the thing about being on demand, being easy to use, underpin all of the functions in terms of crisis being compliant and increase the risk or increase the confidence from investors and external market entities because you can either argue to the market and to your investors, hey, we've taken out a cyber insurance policy that is very likely to be growing in terms of cost over the next years or we've taken out a solution which solves a large majority of the problem. So we believe that in any given circumstance we are less prone and more able to survive a full ransomware attack on our network. So don't just think of it as a cost and a risk prevention. The cost is there anywhere in either risk in insurance and you might as well look at it building it right from the outset. So I'll just try to recap some of the lessons and conclusions that we've come through throughout the presentation. You need to prepare whether large or big it will happen. When you look at it from an overall perspective include all of the business, include sales. They don't have a word for it yet but they are a key part of what happens to your business when you're held ransom or when you lose control of your network. Make it intuitive or risk that people download a social tool. If it's not intuitive, you have just seen from the case studies that we went through that people go to an on demand easy to use tool because that is what is really needed at that point. Make it secure. So protect the governance and the organization when this happens. Don't amplify the problem, try to contain it the problem. Make sure that the solution you choose for something to communicate and collaborate when you actually have a situation like an old picture happening again. You are ready also to protect the organization's communication at that point, protect your governance and be able to actually communicate with both internal and externals. Do not shut down, do not shut around yourself which is the natural motion to do when something like this happens. No, make sure that there are tools for sales customer facing functions to keep selling, keep serving customers, keep your reputation up because a large portion of the loss of reputation is that you're not able to serve your customers as you lose control of your network. So this is why we believe that the term crisis communication or business continuity, those are not the terms we should use in the future. We should use the term crisis collaboration and crisis collaboration is a secure fabric that everyone in the business can use that is ready on demand which is intuitive to use that you can basically pick up the day this happens and by doing so avoiding consequences of cyber insurance policies increasing and getting ready in that type of way. So basically, from all of these conclusions that I've given you some pointers that you can use from the data that we've examined or whether or not this will happen and the cost of whether or not this will happen, we at WIRE believe that there is a new breed that is called crisis collaboration that have the hallmarks of the five points that are made during the middle of the presentation and is amplified by being secure and being external so that you do not lose business as well over the course of the time where you do not have a full control of your network. And that allows business continuity in the IT division to work more and harder and more focused on the actual problem rather than solving the crisis collaboration challenge that is that the management needs to talk to the operations people that needs to talk to investor relations that needs to talk to partners that sales needs to talk to customers, all of that because that means that as long as we can collaborate internally, externally, a large portion of business can actually still be done. You can bring in the orders, you can communicate to the market to preserve your market capitalization. You can call for the best specialist to come and help you and you can stay in motion and not freeze completely. So on that, you can actually deliver a set of results that you can go talk to your boards and talk to your management about that you are able to put in place solutions to avoid this from happening. You can lower the risk, you can maintain sales production, you can use security as a fabric and not as an insurance and you can build board and investor trust which ultimately leads to better market trust. So there is a positive financial impact from doing this right, covering the risk, being ready and solutions are out there to actually be ready for those types of things. Thank you everyone. Have a great evening or a great day wherever you are and this will be the webinar. Thank you.