WhiteHawk : Quarterly Activities Report and Appendix 4C - quarterly

For personal use only

2022

Quarterly Activities Report

WHITEHAWK LIMITED

Quarterly Activities Report for the Period Ended:

30 June 2022

For personal use only

HIGHLIGHTS

WHITEHAWK LIMITED (ASX: WHK OR "THE COMPANY"), THE FIRST GLOBAL ONLINE CYBER SECURITY EXCHANGE ENABLING BUSINESSES AND ORGANIZATIONS OF ALL SIZES TO TAKE SMART ACTION AGAINST CYBERCRIME VIA RISK, MATURITY, COMPLIANCE AND THREAT, SOFTWARE AS A SERVICE ANNUAL SUBSCRIPTIONS AND VIRTUAL CONSULTS, IS PLEASED TO PROVIDE AN UPDATE ON ITS PROGRESS FOR THE SECOND QUARTER 2022.

• Invoiced to-date US$1.9M over US$742K in the same period in 2021, a 243% increase.
• During the 2nd quarter, collected US$210K relating to sales receipt from customers.
• US$425K in receivables as of 30 June.
• Finished the 2nd quarter of 2022 with a cash position of US$1.444M and no debt.
• Three new Cyber Risk Programs in partnership with Hathaway Global Strategies for U.S. based transportation manufacturer, Real Estate and Private Equity Firm.
• Scoped and finalizing procurement paperwork for two 60-day U.S. Government Cyber Risk Radar, Cyber-Supply Chain Risk Management (C-SCRM) Proofs of Value (POV) for $320K and $100K USD, respectively.
• Jointly responded to a U.S. Board of the Federal Reserve Cyber Risk Monitoring Market Survey with Dun & Bradstreet Public Sector (D&B), to be followed by capability demonstrations.
• Jointly responded to a U.S. Army Cyber Command Artificial Intelligence Request for Information with D&B.
• Competed in the U.S. Government's General Services Administration (GSA) and American Council for Technology and Industry Advisory Council (ACT-IAC)C-SCRM Shark Tank on June 9th and was selected as one of the two key winners, resulting in immediate exposure future demonstrations across the U.S. Federal Government Supply Chain Risk Management and Procurement communities.
• Developed and executed with D&B phase one of a joint email and social media marketing campaign highlighting our D&B Cyber Compliance offering for U.S. Federal Government Prime Contractors and their suppliers, vendors and partners.
• Selected by Amazon Web Services (AWS) Federal to participate in U.S. Department of Defense engagements and demonstrations regarding our respective Cybersecurity Maturity Model Certification (CMMC) 2.0 joint capabilities.

• WHITEHAWK QUARTERLY ACTIVITIES REPORT

For personal use only

UPDATES FROM QUARTER

Prime Cyber Risk Radar Contract with a Global Social Media Platform Company

Contract Summary

• Base year commenced on 14 February 2022. Contract has a base year with 4 option years.
• WhiteHawk providing an annual recurring Cyber-Supply Chain Risk Management (C-SCRM) subscription for a portfolio of 500 vendors/suppliers.
• Subscription includes both Continuous Monitoring and One-time reports for Cyber and Business Risks - all data and workflows centralized through an integrated and interactive Vendor Risk Management SaaS Dashboard.

Progress for the Quarter

• Onboarding of third-party vendors onto platforms for monitoring, alerting, and prioritization.
• Delivered Quarter 1 deliverables to client, which includes cyber and business risk reports and analysis.
• Completed Cyber Risk Radar platform customization in support of client's internal processes for third-party risk monitoring and engagement.
• Working with client to integrate directly with WhiteHawk platform to pull Cyber Risk Scorecard data to support client's internal data lake objectives, trend analytics and alerting.
• Continue to support technical collaboration sessions to identify and vet additional datasets for integration.

• WHITEHAWK QUARTERLY ACTIVITIES REPORT

Integration of Whitehawk Cyber Risk Scorecards with D&B Investigate

For personal use only

Contract Summary

• Base year commenced on 01 February 2022. Contract has a base year with 4 option years.
• WhiteHawk providing an integrated, white-labeled, and fully automated version of the Cyber Risk via APIs.
• Initial Subscription is for 2,500 Cyber Risk Scorecards to be allocated to D&B Investigate end customers in batches to support their monitoring of supply chain vendors/suppliers.

Progress for the Quarter

• Continue to participate in technical collaboration session for future requirements.
• Developed and deployed two production reporting capabilities to support internal WhiteHawk metrics collection and analysis.

Prime Cyber Risk Radar Contract being executed (1st of 4 option years after base year in 2019) in support of U.S. Federal Government Department Chief Information Security Officer (CISO)

Contract Summary

• WhiteHawk providing online Software as a Service (SaaS), an annual recurring Cyber-Supply Chain Risk Management (C-SCRM) subscription, with training and technical reach-back.
• Automated Business Risk Reports provided on-demand, and Cyber Risk Scorecards being provided quarterly via an integrated and interactive Vendor Risk Management SaaS Dashboard.

Progress for the Quarter

• Ongoing Business and Cyber Risk Continuous Monitoring, Alerting and Tracking.
• Continued support to new contractor team within client's organization, including demonstrations and training
• Preparing for final quarterly deliverables and supporting ongoing business strategies for upcoming 2nd option year renewal.
• Continue to introduce new datasets and capabilities for service improvements.

• WHITEHAWK QUARTERLY ACTIVITIES REPORT

For personal use only

Third Year Cyber Risk Program contract with major U.S. National Manufacturer via Global Consulting Partner and new Task Order vetting for Cyber Risk Radar

Contract Summary

• Cyber Risk Program is a "Hacker View" of prioritized cyber risks and mitigation strategies tailored and delivered to the Chief Information Officer (CIO), Executive Team, Chief Executive Officer (CEO), and Board of Directors (BoD).
• This independent expert risk assessment subscription for 7 Business Groups includes: Cyber Risk Continuous Monitoring and Prioritization; Quarterly Executive Level Scorecards and Reporting; and mapping to prioritized risk mitigation approaches and solution options.
• Client added deep assessment tasks which are underway across the CISO Team.

Progress for the Quarter

• Launched contract renewal and services.
• Support to both Consulting Partner and Manufacture end client on deep dives of analytic results and risk mitigation recommendations.
• Providing technical and thought leadership as end client is going through organizational changes. Developing near-term recommendations to increase security posture during transition, and long-term strategies to refine and mature security services focused on resulting organizational outcomes.

New Partnership with Hathaway Global Strategies for product line and technical reach-back to include Cyber Risk Program, Cyber Risk Scorecards, and Cyber Subject Matter Expert (SME) Services.

Contract Summary

• Delivering Cyber Risk Program and Cyber Risk Scorecards for a major transportation manufacturer and Real Estate Firm.

1. Cyber Risk Program for this client an annual subscription initiated in May 2022 focus on monitoring, analyzing, and preforming deep technical analysis of findings on the end-client's external facing infrastructure.

• 1. One-timeCyber Risk Scorecards for key client suppliers.
• Cyber Risk Scorecards for a private equity firm that seeks to invest in the agricultural and food sectors:
• 1. Cyber Risk Scorecards for end-client's key suppliers

• WHITEHAWK QUARTERLY ACTIVITIES REPORT