CYNERGISTEK I N V E S T O R P R E S E N TAT I O N NYSE AMERICAN: CTEK
SAFE HARBOR STATEMENTS This presentation contains, and our officers and representatives may from time to time make, “forward-looking statements” within the meaning of the safe harbor provisions of the U.S. Private Securities Litigation Reform Act of 1995. Forward-looking statements can be identified by words such as: “anticipate,” “intend,” “plan,” “goal,” “seek,” “believe,” “project,” “estimate,” “expect,” “strategy,” “future,” “likely,” “may,” “should,” “will” and similar references to future periods. Examples of forward-looking statements include, among others, statements we make (herein or otherwise) regarding the size of the potential market for our services; the number of potential customers/clients for our services; plans and strategies of CynergisTek and its subsidiaries for future growth and performance; market acceptance of our business model; our ability to integrate acquisitions and merged companies; and timelines relating to growth, milestones, and strategic focus. Forward-looking statements are neither historical facts nor assurances of future performance. Instead, they are based only on management’s current beliefs, expectations and assumptions regarding the future of our business, future plans and strategies, projections, anticipated events and trends, the economy and other future conditions. Because forward-looking statements relate to the future, they are subject to inherent uncertainties, risks and changes in circumstances that are difficult to predict and many of which are outside of our control. Our actual results and financial condition may differ materially from those indicated in the forward-looking statements. Therefore, you should not rely on any of these forward-looking statements. Important factors that could cause our actual results and financial condition to differ materially from those indicated in the forward- looking statements include, among others, the risk factors discussed throughout Part II, Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations, and in Part I, Item 1A. Risk Factors of our Annual Report on Form 10-K for the year ended December 31, 2018; and throughout Part I, Item 2. Management’s Discussion and Analysis of Financial Condition and Results of Operations of our Quarterly Reports on Form 10-Q for the quarters ending March, June and September 31. Any forward-looking statement made by us in this presentation is based only on information currently available to us and speaks only as of the date on which it is made. We expressly disclaim any obligation to publicly update any forward-looking statement, whether written or oral, that may be made from time to time, whether as a result of new information, future developments, or otherwise. 2
INVESTMENT Loyal national Capitalizing on Pioneer and leader Innovative service customer base strong in healthcare offerings filling the with large upsell cybersecurity cybersecurity gap in the industry opportunity market growth 3
WHO WE ARE #1 CYBERSECURITY AND INFORMATION ASSURANCE COMPANY IN HEALTHCARE TOP KLAS PERFORMER 3RD STRAIGHT YEAR 2018 Most Comprehensive Cybersecurity Services CynergisTek won the 2017 Best in KLAS Award for Cyber Security Advisory Services STRONG THOUGHT WELL-KNOWN RELATIONSHIPS & LEADERS INDUSTRY TRACK RECORD PLAYER CynergisTek has been recognized by KLAS in the 2016 and 2018 Cybersecurity report as a top performing firm in healthcare cybersecurity. KLAS KLAS KLAS TRUSTED MARKET TAILORED Top Performer Top Performer Top Performer ADVISOR DRIVEN SOLUTIONS Cybersecurity HIT Advisory Technical 2018 Services Services 2018 2018 4
WHY CYNERGISTEK? CYBERSECURITY HEALTHCARE KLAS OVERALL RELATED COMPANIES SERVICES SPECIALIZED SCORE CLASSIFICATION CynergisTek ✓ 92.6 Comprehensive Deloitte X 79.8 Comprehensive FireEye** X 89.5 Comprehensive ✓ Fortified Health Security 85.7 Comprehensive Optiv X 87.8 Comprehensive Coalfire X 85.0 Broad PWC X 89.2 Broad EY X 91.1 Broad Clearwater Compliance ✓ 95.0 Advisory Focused *All information from KLAS Cybersecurity Services 2018 Report - June 2018 ** FireEye (FEYE) – Price/Sales = 3.62, Enterprise Value/EBITDA = -29.01 5
OUR MISSION EXPERTISE TRUST EXPERIENCE To be that trusted partner that enables our healthcare clients to build the cybersecurity and information assurance programs they need to protect and support patient safety and care operations by delivering exceptional service, expertise and knowledge. 6
INDUSTRY SNAPSHOT 7
ATTACK SURFACES CONTINUE TO GROW GLOBAL HEALTHCARE CYBERSECURITY SPENDING EXPECTED TO EXCEED ~$65B OVER NEXT 5 YEARS 8
NAVIGATE & PREVENT BREACHES Ransomware Privacy Threats Internal and IoT Threats External Threats Social Engineering Phishing Attempts 9
COMPLIANCE ASSIST PARTNER PROGRAM (CAPP) THE SERVICES WE PROVIDE Recurring Revenue model with 3-5-year contracts PERIODIC EXECUTIVE REVIEWS ANNUAL ASSESSMENT CynergisTek’s executive team leads An annual extensive review to identify workshops that are designed to: security gaps through the combination Review remediation progress of the following: • Provide guidance on regulatory Information Security Program • • changes and security threats Assessment Promote knowledge transference Technical Security Assessment • • Risk Analysis • Architecture Assessment • Wireless LAN Security Assessment • CAPP COMMUNITY CAPP MU EHR Security Controls • CynergisTek Advisory Service addresses Assessment questions, concerns, and advice covering technology, program development and maintenance, and regulatory compliance matters. INTERNAL & EXTERNAL TESTING CynergisTek will conduct regular internal and external testing to uncover potential OPTIONAL SERVICES threats. CynergisTek also offers optional services External: Quarterly • that can be customized to meet a Internal: Bi-Annually • compliance program’s unique needs. 81% OF REVENUE COMES FROM MANAGED SERVICES WHICH INCLUDE CAPP PROGRAMS 10
MAKE THE MOST OF YOUR PRIVACY MONITORING PROGRAM THE SERVICES WE PROVIDE PATIENT PRIVACY MONITORING AS A SERVICE (PPMS) CynergisTek collaborates with your organization to support functionality of your patient privacy monitoring tool. PPMS PPMS DESCRIPTION SELECT ELITE Audit Program Development ü ü Current & Future State Analysis ü ü PPMS Optimization Plan & End User Training ü ü Validation and Testing of Audit Tool ü ü Proactive Audit Reporting Analysis ü ü Incident Documentation and Escalation of Findings ü ü Audit Tool Optimization ü ü Standard Program Reports ü ü Reactive Audit Reports, Advanced Analysis, Advanced ü Program Reports and Advisory Services *Some services may vary based on monitoring tool capabilities. 11
Reducing The Supply Chain Risk THE SERVICES WE PROVIDE VENDOR SECURITY MANAGEMENT Evaluate and monitor vendors on a regular and ongoing basis. VSM ASSESSMENT APPROACH • Initiation: Analyst gets notified of ticket and initiates assessment in RiskSonar • Monitoring: Questionnaire/documentation request sent, and assessment progress updated/monitored. • Analysis: Analysis of vendor’s input conducted, and gaps identified upon assessment submittal VSM • Reporting: Single Assessment Vendor Report created; client notified it is ready for review within RiskSonar • Next Steps: Vendors notified of remediation requirements/re-assessments • High Risk Vendors: Client is notified of high-risk vendors – client uses Risk Acceptance or Risk Exception process • Risk Exception: If client approves risk exception, vendor is tagged and tracked for annual renewal VSM DELIVERABLES • Single assessment vendor with report outlining security gaps and risk rating • Status Updates on vendor participation and escalation of issues • Quarterly Program Report covering high-level of the vendor program including recommendations 12
SECURE AND PROTECT YOUR MEDICAL DEVICES THE SERVICES WE PROVIDE MEDICAL DEVICE SECURITY TECHNICAL ASSESSMENT A comprehensive inventory of networked medical devices and the associated vulnerabilities. MEDICAL DEVICE SECURITY ASSESSMENT An evaluation of security controls and an identification of gaps or vulnerabilities in the management practices for Medical medical device security. Device Security MEDICAL DEVICE SECURITY MANAGEMENT STRATEGY A strategy articulating di ff erent risk categories and a remediation roadmap to address the di ff erent categories and the unique issues/vulnerabilities. MEDICAL DEVICE SECURITY PROGRAM MANAGEMENT Our service is built to address the security aspects, as it relates to each component of the medical device lifecycle including policy development, pre-acquisition procedures, implementation and security control setup, identifying and reporting vulnerabilities, and coordinating remediation in conjunction with the device maintenance schedule. 13
Recommend
More recommend