Company profile

Profile in brief
secunet is one of the leading German providers of high-quality IT security. Over 300 experts work in the areas of cryptography, e-government, business security and automotive security, and develop innovative products in these fields in addition to highly secure and reliable solutions. Many DAX companies as well as numerous authorities and organisations are among secunet's national and international customers. secunet is IT security partner of the Federal Republic of Germany and Partner of the German Cyber Security Alliance. secunet was founded in 1996 and achieved sales of EUR 67.2 million in 2012. secunet Security Networks AG is listed on the Prime Standard of the German Stock Exchange. In addition to the headquarters in Essen, the company has six further locations in Germany. For more information, please visit www.secunet.com.

Facts and figures at a glance

Foundation: 1996, as a divestment of RWTV Essen Type of enterprise: Corporation, listed on the Prime Standard of the German Stock Exchange. Main shareholder: Giesecke & Devrient GmbH, Munich (approximately 79% of shares) Headquarters: secunet Security Networks AG Kronprinzenstrae 30 45128 Essen Germany Further locations: Berlin, Dresden, Eschborn, Hamburg, Munich and Siegen (Germany) Service portfolio: Holistic IT security including consulting, concept design, development, implementation, support and powerful products Business units: Business Sector, Public Sector

Customers: Over 500 national and international customers, including the German Foreign Office, Federal Ministry of Defense, Federal Ministry of the Interior, Federal Office for Information Security, Regional Tax Authority of Bavaria, Howaldtswerke-Deutsche Werft GmbH, mobile.de, BMW, Audi, National-Bank, Commerzbank, Gelsenwasser, Stadtwerke Bremen, Stadtwerke Mnchen Industry solutions: Public sector, defense, healthcare, security organizations, energy suppliers, financial service providers and insurance firms, telecommunication, industry, automotive industry, transport and logistics Memberships: BITKOM, TeleTrusT Deutschland e.V. Board of Management: Dr. Rainer Baumgart (Chairman, responsible for the business unit Public Sector, corporate development and corporate communications) Willem Bulthuis (responsible for the business unit Business Sector) Thomas Pleines (responsible for finance & controlling, legal department, human resources, DP)

IT Security the highest requirements

IT security has long been one of the top-priority issues and one of the greatest challenges for any organization in today's information society. The sector is characterized by fast technological development as well as a very complex range of diverse issues. Additionally, national and international legislation, regulations and directives often dictate very special requirements concerning the security of data and infrastructures. At the same time, organizations are becoming more vulnerable as a result of their growing dependency on well-functioning and networked information processing as well as an increased need among employees for mobile and flexible access to corporate data. More frequent use of different devices and applications also increases risks due to incorrect usage and negligence. The urgent need for a comprehensive, continuously updated security solution for companies and authorities also results from increasingly more sophisticated forms of industrial espionage and cyber war attacks. Today, attacks are not only carried out by individuals, but by well-organized and well-funded groups. This was made clear to the general public at the end of 2010, for example, with the professionally developed and highly complex Stuxnet virus. But it is not only internal networks that are becoming more vulnerable as a result of increased introduction of electronic components and their connection with the Internet; national infrastructures are also at risk. Attacks on electricity and telephone networks can be launched from anywhere in the world. Even vehicles will soon be

communicating with each other via the Internet. These areas also need stringent security measures to maintain a functioning infrastructure. However, the market provides no assistance in terms of orientation due to high provider fragmentation. Consequently, a comprehensive, substantiated overview of security requirements and solutions is all the more important. For companies and authorities, the relevant financial and personnel investment is usually too high, so they rely on specialist service providers.

secunet: premium IT security "made in Germany"

Effective, comprehensive IT security can only be achieved through careful planning and professional support. Alongside intelligent technology, factors relating to infrastructure, legislation, organization and personnel must be taken into account during concept design and rollout. secunet relies on holistic IT security that takes into account all these aspects and implements them in applications with long-term protection. Customers benefit from comprehensive consultation as well as from a technologically advanced service and product portfolio that fulfills even the highest security requirements. secunet offers in-depth know-how in various security fields. These range from the highest security levels in authorities and complete solutions for companies, to the protection of Internet access in vehicles. In addition to products developed and marketed in-house for different security levels, secunet also implements solutions from other security providers in order to achieve the best-possible protection tailored to suit the individual needs of the customer. Alongside design concept and installation, the service provider also assumes responsibility for daily operation. The fields covered by secunet include securing authorities' communication by means of encryption, protecting applications in e-government, developing important security technology such as electronic passports and De-Mail, and securing critical infrastructures. secunet also uses the experience gathered in these highly sensitive areas to safeguard business-critical processes in companies. These include, for example, research and development projects, special manufacturing processes or confidential information for armaments manufacturers from the Federal Ministry of Defense. In close collaboration with the German Federal Office for Information Security (BSI), secunet continues to design, develop and evaluate new components and products and roll out data security projects. Additionally, secunet has long-term partnerships with the German Federal Ministry of the Interior (BMI) and well-known automotive manufacturers and suppliers.

Important information about the company 1996 Foundation of secunet from RWTV Focus: digital signatures and cryptography with Internet technologies 1999 Initial public offering Pioneer for PKI/trustcenter development for digital certificates in Germany 2000 Launch of SINA (Secure Inter-Network Architecture) product development for encrypted transmission of confidential documents on behalf of the BSI Expansion from consulting business to product manufacturer Initial tests for the introduction of biometry in sovereign documents 2004 Giesecke & Devrient becomes main shareholder Acquisition of SECARTIS AG, a subsidiary of Giesecke & Devrient from the IT security sector Appointment as IT security partner of the Federal Republic of Germany 2012 Sales: 67.2 million euros EBIT: 5.7 million euros Employees: 301 (As of 31 December) SINA components in use: > 30,000

Formation of the company With the advent of the World Wide Web in the 1990s, the Rheinisch-Westflische Technische berwachungsverein (RWTV) in Essen expanded its area of activity to cover the evaluation of network security. Digital signatures and encryption technologies in particular played a major role in this. As more and more companies wanted their networks to be tested and improved, the TV carved out its department for IT security under the name secunet. The service provider did not only test network security, but also improved it together with the customer through consulting and training as well as designing, implementing and operating an optimized security solution. This is still the focus of its activities to this day. With the further development of security technologies, at the end of the 1990s, secunet contributed to comprehensive public key infrastructures for issuing, distributing and checking digital certificates via state-approved trustcenters.

Business Sector Be it intelligent networks, mobile applications, IT-based control of manufacturing and logistics processes or computerisation of transportation and traffic systems, the economy is more dependent now than ever on information and communication technology (ICT). Increasing computerisation enables many business processes to be modelled electronically to then fully exploit the potential for networking. However, attacks on company networks, industrial espionage, cybercrime and data protection requirements demand intelligent IT security solutions to ensure that processes run smoothly. The secunet Business Sector supports customers in the finance, insurance, energy, industry, ITC, traffic and transportation sectors, plus automotive manufacturers and suppliers, with secure networking of ICT in internal EDP, within their own core business and embedded in their products and services. secunet does this by using intelligent concepts and implementations to promote the commercialisation of trends and technologies such as Web 3.0, cloud computing, mobile web and mobile commerce, Industry 4.0, machine to machine communication or ubiquitous computing. The core competence of the Business Sector here lies in the development and production of flexible security solutions that can be integrated into existing IT landscapes without affecting live business processes and adapted to progressive technological developments. Using methodical and technical expertise and specific industry knowledge, and taking into account the relevant legislation and standards, the business sector supports companies with the implementation of custom information security measures. The range of services offered for this includes security consultancy, audits and assessments, carrying out penetration tests, generating security concepts, strategies and designs, plus technology assessments, development, integration and operation of hardware and software products, comprehensive solutions and targeted training. secunet provides tailored support through managed security services, 24/7 monitoring and on site directly with the customer. Public Sector Processes and IT infrastructures in public agencies place specific requirements on information security. The range of areas of use, from securing digital communication and protecting e-government applications (e.g. against cyber-attacks and espionage) to secure official documentation such as electronic passports and the new personal ID card, require high quality customised IT security solutions. Another challenge is the necessary level of security, which is always very individual in character and, depending on the purpose, can vary from information ranked as non-classified to TOP SECRET.

secunets Public Sector offers guidance and advice to national and international public sector and defence customers, drawing on state-of-the-art products and services that can be combined as required, along with customised security solutions. These are attuned to the demands of modern administration, enabling the fulfilment of official tasks and corresponding with the high security requirements on the protection of classified information. The special strength of the Public Sector lies in its years of experience in dealing with security requirements in public administration and in the range of products and services focused on these. IT security solutions are designed, developed and implemented with specific attention paid to the special infrastructure, legal, organisational and personnel factors. This comprehensive approach has already been put to use in areas such as network infrastructure, authentication, client and platform security, secure internet use, De-Mail, e-government, accompanying sensitisation measures, portal security (e.g. ELSTER), public key infrastructures and cryptography plus in the implementation of IT security solutions in the area of critical infrastructures. The SINA product family, which was developed in cooperation with the German Federal Office for Information Security (BSI), is a particular focus for the secunet Public Sector team. SINA enables secure processing, storage, transmission and verification of classified and other sensitive data. Separate components are approved for the protection of information at all levels of national security classification and also have NATO and EU approval. In order to meet market requirements, the Public Sector team has joined with renowned research institutions to work on demanding research areas (including IP security and separation technology). This also includes the (re-)development of national and international standards and corresponding technical specifications. This enables innovative applications and solutions that correspond to the incoming standards to be developed in good time. Examples of applications that have been successfully implemented in the past are the EasyPASS automated border control system and the introduction of biometrics-supported visas in Germany. Press contact: Christine Skropke, Spokesperson Phone: +49 201 5454-1231 Fax: +49 201 54 54-1235 Patrick Franitza, Press Relations Officer Phone: +49 201 54 54-1223 Fax: +49 201 54 54-1235 eMail: presse@secunet.com www.secunet.com secunet Security Networks AG Kronprinzenstr. 30 45128 Essen (Germany)