AUB Group Limited Annual Report 2023

DIRECTORS’ REPORT YEAR ENDED 30 JUNE 2023

KEY BUSINESS RISKS (CONTINUED)

2023 Commentary

Management and Mitigation

Technology and cyber security risk AUB’s information technology systems (including those provided by third party technology vendors) are vulnerable to damage or interruption from a number of sources. Information security breaches or Cyber incidents could significantly curtail AUB’s ability to conduct its business and generate revenue and lead to losses associated with investigation, rectification and remediation activities. Loss of sensitive (personal or organisational) information can lead to reputational damage, client distrust and regulatory inquiries or actions.

– Group has designed and implemented a suite of core capabilities to manage cyber security and cyber risk. From the establishment of a set of strategic objectives, to an industry aligned cyber security framework, to a roadmap focused on embedding solid foundations, we have developed an ecosystem whereby our cyber posture is continually assessed and enhanced. Taking a risk-based approach to prioritising the cyber roadmap initiatives, we are focused on meeting our strategic information security objectives and managing risk within the enterprises risk appetite and tolerance levels. Mitigation plans include: – a security operations centre with technologies such as managed detection and response (MDR) and security information and event management (SIEM); – cyber awareness training; – phishing simulation exercises; – vulnerability and patch management; – risk and threat assessments; – third party audits; – penetration testing; and – incident and disaster recovery exercises. Specific mitigation actions include: – Data protection framework including policies, standards and procedures; – Third party contracts include privacy and data loss provisions; – Use of incident management and responses plans; – Physical and system controls to ensure information is secure and available only to approved personnel; – Staff training on data and privacy requirements; and – Privacy due diligence checklist for M&A transactions.

Personal and Confidential Information AUBs operations rely on the secure processing, transmission and storage of confidential, proprietary and other information. In addition to information loss from technology and cyber security breaches, personal and confidential information may be lost due to theft, misplacement of data, human error or other similar events. Any loss, unauthorised disclosure or use of confidential information, including financial data, commercially sensitive information or other proprietary data whether by AUB or a third party could have a material adverse effect on AUB. The loss of confidential information could result in interruptions to operations, reputational damage and regulatory action.

AUB GROUP ANNUAL REPORT 2023

23