Investor Presentation Security and Compliance for the Digital Transformation Sumedh Thakar, President and CEO Joo Mi Kim, CFO February 5, 2026 Safe harbor This presentation includes forward-looking statements within the meaning of the federal securities laws. Forward-looking statements generally relate to future events or our future financial or operating performance. Forward-looking statements in this presentation include, but are not limited to, the following list: Our expectations and beliefs regarding t ...

Core Insights - Arctic Wolf has been selected by Chubb as a preferred Managed Detection and Response (MDR) provider for its cyber policyholders with over 100 employees, highlighting a mutual commitment to reducing cyber risk [1][5] Group 1: Partnership Details - Chubb's decision to partner with Arctic Wolf is influenced by the effectiveness of the Arctic Wolf Aurora Platform, which significantly reduces the likelihood and impact of major cyber incidents [2] - The Aurora Platform processes over nine trillion security events weekly, consolidating thousands of daily alerts into an average of one actionable ticket per customer per day, thereby enhancing operational efficiency [2] Group 2: Service Offerings - Arctic Wolf operates global security operations centers across North America, EMEA, and APAC, providing 24/7 operations and local personnel to support its services [3] - The company has a dedicated "insurance alliance" team that collaborates with brokers and carrier partners to promote the adoption of their security products [3] Group 3: Cyber Threat Insights - Both the Q2 2025 Chubb Cyber Threat Intelligence Report and the 2025 Arctic Wolf Threat Report identify unsecured Remote Desktop Protocol (RDP) and compromised VPN credentials as primary causes of major cyber incidents like ransomware [4] - Arctic Wolf's Concierge Experience and Security Journey provide ongoing guidance to customers, helping them implement critical security controls to enhance their security posture and reduce risk over time [4] Group 4: Customer Benefits - Joint customers of Arctic Wolf and Chubb may qualify for preferred pricing and promotional benefits aimed at strengthening their security posture and mitigating cyber risk [6]

UK-based professional services provider Aon is collaborating with SecurityScorecard to extend the range of cyber risk services available to its clients. Under the arrangement, SecurityScorecard’s outside-in risk management tools will be made available alongside Aon’s CyQu platform, which the broker says provides actionable data to support decision-making. The combined package is designed to help organisations pinpoint publicly exposed domains and possible weaknesses, aiding preparation for cyber underwr ...

Summary of Key Points from the Conference Call Industry Overview - **Industry Focus**: Technology – Software & Services, Payments & Fintech in Europe [1][9] Company-Specific Insights Oracle Corporation - **2Q26 Results**: Cloud growth is at the low end of guidance, with increasing pressure on gross and operating margins, which may undermine investor confidence in Oracle's execution capabilities in the growing GPUaaS market. The stock currently lacks a clear catalyst for growth. Price Target and estimates are under review [2][2]. Adobe - **4Q25 Results**: There is a re-acceleration in Digital Media NNARR growth and over 15% growth in Monthly Active Users (MAU) across key products like Acrobat, CC, Express, and Firefly. However, guidance indicates a continued slowdown in overall ARR growth, which may dampen investor enthusiasm. The recommendation remains Equal Weight [3][3]. Microsoft - **M365 Price Increases**: Recent price hikes for M365, driven by new capabilities, are expected to provide a revenue growth uplift of 55-60 basis points and a 1-3% uplift to EPS over the next three years. The recommendation remains Overweight [4][4]. Meta Platforms - **2026 Outlook**: Three catalysts are identified for potential outperformance: revenue revisions, a $155 billion operating expense guide for 2026, and monetization strategies from the Superintelligence team. Price Target set at $750, with a bull case of $1,000 [5][5]. Industry Trends Cyber Risk Management - **Sustainability and Cybersecurity**: Cyber attacks are a significant governance risk, yet sustainability funds are underexposed to cybersecurity. The rapid rollout of AI, increased security spending, and evolving regulations are seen as tailwinds for cybersecurity. Expanding cyber insurance coverage presents further opportunities [6][6]. Additional Insights - **Consumer Health and Retailer Efficiency**: Insights from a consumer conference indicate a healthy consumer outlook for 2026, with expectations of cost efficiencies for retailers through GenAI adoption [7][7]. Forward Guidance and Targets - **General Guidance**: Various companies in the software and fintech sectors have provided forward guidance, indicating a range of revenue growth expectations and margin targets. For instance, Amadeus expects a revenue CAGR of 8.5-11.5% for FY24-26, while SAP anticipates a free cash flow of approximately €8-8.2 billion [14][16]. Conclusion - The conference call highlighted significant concerns regarding Oracle's performance, while other companies like Adobe and Microsoft show potential for growth despite some challenges. The rising importance of cybersecurity and consumer health trends are also critical factors influencing the technology sector's outlook.

Core Insights - Qualys, Inc. has introduced enhancements to its Enterprise TruRisk Management (ETM) platform, focusing on proactive risk management to predict and prevent emerging cyber threats, particularly in the context of agentic AI [1][3][9] Group 1: New Capabilities - The enhancements to Qualys ETM include improved identity security for both human and non-human identities, predictive threat analysis, and validation of exposure exploitability, allowing security teams to anticipate cyber risks before breaches occur [1][3] - ETM Identity consolidates visibility and remediation across various identity and access management systems, correlating identity and asset risk into a single Identity TruRisk score, which helps security teams focus on the most exploitable attack paths [5][6] Group 2: Addressing AI-Driven Threats - The rise of AI has led to an increase in the volume and complexity of cyber attacks, necessitating a proactive, intelligence-driven approach to breach prevention tailored to organizations' unique risk profiles [3][4] - Qualys ETM aligns Identity Risk Posture Management with contextual threat intelligence and exposure exploitability validation, enabling measurable risk reduction at an enterprise scale [3][4] Group 3: Enhanced Risk Management Tools - TruLens provides real-time, tailored threat intelligence, allowing organizations to detect, prioritize, and remediate cyber risks more effectively by continuously applying live threat analysis and business impact context [6][7] - TruConfirm validates the exploitability of exposures by executing real-world attack scenarios, enabling security teams to prioritize and mitigate risks more efficiently [8][9] Group 4: Market Position and Availability - Qualys ETM is now generally available, with its new features, including ETM Identity, TruLens, and TruConfirm, available in preview [9][11] - Qualys serves over 10,000 subscription customers globally, including many from the Forbes Global 100 and Fortune 100, indicating a strong market presence [11][12]

Core Insights - Managing cyber risk is increasingly prioritized in the insurance and asset management sectors, with companies enhancing their annual budgets and board-level oversight [1] Group 1: Cybersecurity Leadership - Nearly 70% of companies have a Chief Information Security Officer (CISO) overseeing corporate cyber risk, while an additional 10% have a Chief Information Officer (CIO) in this role [2] - Over 95% of organizations have their CISOs provide briefings to the CEO at least semiannually, an increase from 88% in 2023 [2] - 70% of companies have their CISO brief the corporate board at least semiannually, up from 54% in 2023 [3] - 40% of companies link CEO compensation to cybersecurity performance, a significant rise from 24% in 2023 [3] Group 2: Cybersecurity Spending and Practices - Nearly half of the surveyed companies allocate 8% or more of their total IT budgets to cybersecurity, compared to 42% in 2023 [3] - About 98% of respondents test their incident response plans at least annually [4] - 80% of companies perform daily data backups to safeguard critical data against ransomware and other security threats [4] - 97% of respondents have patch management and vulnerability management programs in place [4] - 84% of respondents have a formal policy regulating the use of AI-based tools [4] Group 3: Survey Demographics - The research is based on a survey of 1,952 global respondents, including 102 insurers, insurance brokers, and asset managers [5]

Core Insights - Telos Corporation has launched Xacta.ai, an AI capability designed to enhance cyber governance, risk, and compliance (GRC) processes, enabling organizations to transition from reactive compliance to proactive risk management [2][3] - Xacta.ai integrates unique organizational content with existing data to provide real-time, actionable insights, significantly reducing compliance timelines and improving decision-making [3][4] Product Features - Xacta.ai can reduce critical compliance tasks from 4-6 months to just nine days, achieving a 93% overall time savings in generating control implementation statements [5] - The AI is built on 25 years of expertise in GRC, allowing it to provide context-aware responses to complex questions in seconds [6][7] - Key capabilities include instant control implementation, AI-driven control validation, risk remediation, contextual risk insights, and an adaptive prompt library [11] Market Context - Organizations are under increasing pressure to manage compliance obligations efficiently, and Xacta.ai addresses this by embedding regulatory and security expertise into AI-assisted workflows [4] - The trend in the market is shifting towards using AI to empower more effective risk management rather than replacing governance processes [4]

Core Insights - Qualys, Inc. has achieved FedRAMP High Authorization for its Government Platform, making it one of the few cybersecurity platforms to offer a comprehensive security solution at this level [1][3][4] - The platform addresses challenges faced by federal agencies, such as limited staff and fragmented security tools, by providing a unified cyber risk management solution [2][4] - FedRAMP High is the most stringent authorization level, designed for cloud services handling sensitive government data, aligning with NIST 800-53 High Impact controls [3] Company Overview - Qualys is a leading provider of cloud-based security, compliance, and IT solutions, serving over 10,000 subscription customers globally, including many from the Forbes Global 100 and Fortune 100 [6] - The company was founded in 1999 and is recognized as one of the first SaaS security companies, with strategic partnerships that enhance its vulnerability management capabilities [7] Product Features - The Qualys Government Platform offers a range of services including vulnerability management, compliance, endpoint detection and response (EDR), asset inventory, policy enforcement, and web application security, all within a single scalable solution [2][4] - The platform is designed to provide broad visibility and control across the entire risk surface, enabling organizations to efficiently reduce risk and protect critical assets [2][4]

Industry Trend - Insurance industry shows a growing interest in insurance technology (InsurTech) with Zurich Insurance Group AG's acquisition of BOXX Insurance Inc [1] Mergers and Acquisitions - Zurich Insurance Group AG to acquire BOXX Insurance Inc, a Canadian cyber risk management firm [1] Company Focus - Zurich Insurance Group AG expands into cyber risk management through acquisition [1]

Qualys (QLYS) FY Conference Summary Company Overview - **Company**: Qualys - **Industry**: Cybersecurity, specifically focusing on cyber risk management and vulnerability management - **Key Executives**: Sumit Dakar (CEO), Jume Kim (CFO) [1][2] Core Business Insights - **Vulnerability Management**: Qualys has been a pioneer in vulnerability management, evolving from basic detection to comprehensive cyber risk management solutions [3][4] - **Product Expansion**: The company has broadened its offerings to include remediation, patch management, asset management, and a risk operation center [4][5] - **Market Growth**: The number of vulnerabilities detected has increased significantly, necessitating a shift from merely identifying vulnerabilities to prioritizing and remediating them effectively [5][6] Financial Performance and Growth Strategy - **Growth Drivers**: Historically, growth has been driven by existing customers, with 15% of last twelve months (LTM) bookings coming from new products like Patch Management and CSAM [9][10] - **Future Growth**: The company anticipates continued growth from existing customers while also targeting new customer acquisition through enhanced value propositions [10][17] - **Financial Model**: Qualys maintains a focus on profitable growth, with a gross margin of 84% despite a shift towards more partner-driven sales [31][32] Product Development and Market Position - **Enterprise True Risk Solution**: This solution aims to provide a holistic view of cybersecurity risks, allowing customers to justify cybersecurity investments to stakeholders [11][12] - **Risk Operation Center**: A new offering that consolidates data from various tools to provide a comprehensive risk assessment, enabling better decision-making for customers [13][14] - **Cloud Security**: Qualys is actively expanding its cloud security capabilities, with 30 million agents deployed in public cloud environments [44][32] Partner Strategy and Market Dynamics - **Channel Focus**: The company is increasingly relying on channel partners for new customer acquisition and upselling, with a significant portion of deals now involving partners [25][29] - **Managed Services**: Qualys is enabling partners to offer risk monitoring services, which differ from traditional threat monitoring, thus expanding its market reach [22][24] - **Federal Market Opportunity**: The company is preparing to enhance its presence in the federal sector, particularly with the upcoming FedRAMP High certification, which will allow access to more federal agencies [33][34] Challenges and Future Outlook - **Sales Productivity**: While relationships with partners have improved, direct sales productivity has not met expectations, prompting a strategic shift towards channel partnerships [47][48] - **Investment in Federal Sector**: The company is committed to investing in the federal market, anticipating significant growth opportunities once FedRAMP High is achieved [35][36] - **Long-term Strategy**: Qualys aims to continue evolving its platform to meet the changing needs of customers, focusing on risk management and comprehensive cybersecurity solutions [17][32] Additional Insights - **Customer Engagement**: There is a notable increase in engagement from Chief Security Officers (CSOs) in discussions about risk management, indicating a shift in customer priorities [16][17] - **Market Confusion**: The distinction between vulnerability management, CSPM (Cloud Security Posture Management), and other security solutions is often misunderstood, but Qualys aims to clarify these roles [41][42] This summary encapsulates the key points discussed during the Qualys FY Conference, highlighting the company's strategic direction, market opportunities, and challenges ahead.