Cyber Security Factsheet

Vodafone Group Plc Cyber Security Factsheet 2023

Introduction

Strategy

Governance

Risk management

Events

Strategy

Our cyber security strategy Our vision is a secure connected future for our customers and society. We are motivated by a clear purpose to inspire customer trust and loyalty by providing sustained cyber security, ultimately contributing to a secure society and an inclusive future for all. Our cyber security strategy sets out how we plan to achieve these goals. It is aligned to, and forms part of, Vodafone’s 2025 technology strategy. Our cyber security strategy has six pillars. – Control evolution: Maintain and improve our security controls beyond the existing cyber security baseline with an adaptive and risk-based framework. – Secure by design: All products and services have security built-in whether we build them ourselves or buy them from vendors. – Dynamic Trust: Strong zero-trust security based on dynamic risk-based access which is frictionless for users, for example, multi-factor authentication and moving away from passwords. – Real-time data, real-time response: The next generation of our detection and response capability, more automated and based on advanced analytics. – Spirit of Vodafone & cyber culture: Engaging our people, nurturing our engineering community and Group-wide cyber security training and simulations. – Security for society: Collaborate widely to encourage standardisation, share intelligence, and engage on regulation. We review our cyber security strategy each year and align priorities to the budget cycle, so our operating companies are clear on the investment priorities for security.

Strategic pillars

Our customers We provide cyber security support to our customers through Vodafone Consumer and Vodafone Business. For Consumers, we offer our Secure Net service to help keep them and their families safe. Secure Net detects and protects against online malware, infections and viruses, provides smart alerts if a customers’ identity is compromised, and provides parents with advanced parental controls. At the end of March 2023, Secure Net was available to mobile customers in 10 markets and converged customers in a further 5 markets and had 17 million subscribers. Where Consumers subscribe to additional security products, such as Secure Net, there are also significant NPS benefits. We also provide cyber security support to our business customers through Vodafone Business. Our products and services help our business customers of all sizes protect themselves from the evolving cyber security threat landscape and adapt to a new model of security necessitated by the adoption of hybrid working. Our portfolio of cyber security solutions for businesses is available in 16 markets and has 1.5 million users. Our products and services leverage our global network and partnerships, such as those with Accenture, Palo Alto Networks, Trend Micro, and VMWare, to make enterprise-grade security services accessible to organisations of any size. For SOHO and SME customers our focus is on click-to-buy services covering mobile, endpoint and network security. We are also expanding our services to cover emerging challenges such as human risk mitigation, risk assessment and certification. For mid-market business customers, we offer a range of professional and managed services that provide support across the full spectrum of an organisation’s cyber security needs – assessing risk with vulnerability assessments; penetration testing and cyber exposure diagnostics; protecting the organisation with firewall management and phishing awareness campaigns; through to full scale managed detection and response, and breach response and forensics services. For larger and multinational organisations, Vodafone Business offers a range of network, endpoint and managed security solutions to enhance mobile and fixed portfolios in this segment.

Dynamic Trust

Security & Privacy by design

Real time data, real-time response

Security & Privacy for Society

Security & Privacy Control evolution

Spirit of Vodafone & cyber culture

Year ahead Our core priorities for the coming year include continuing to implement and maintain our cyber security baseline controls – particularly in respect of protecting against ransomware, software security and multi-factor authentication for customers. Key security programmes include modernising our security event monitoring and data analytics platforms, enhancing our coverage for managing privileged access to network and IT systems, and implementing dynamic risk-based access rights for our workforce. We will also continue to enhance our cyber security awareness programme for all employees. Read more about our training and awareness programme on page 4

Click or scan to watch a video case study on how Vodafone Business security solutions are helping a leading international law firm: v odafone.co.uk/business/why-vodafone/case-studies/dac- beachcroft-and-managed-security-services