As a leading provider of oilfield services across diverse and often challenging environments, NESR recognizes that secure and reliable access to operational technology, field communications networks, and proprietary customer data is essential to maintaining safe, efficient, and uninterrupted operations.

We have implemented a comprehensive Cybersecurity Risk Management Program designed to protect the confidentiality, integrity, and availability of our information systems and digital assets. This program covers all aspects of our operations, including corporate information technology (“IT”) systems, field-based digital infrastructure, remote monitoring platforms, and customer-facing digital applications.

We apply a layered defense approach that combines technical, administrative, and physical controls to prevent, detect, and respond to cyber threats. These controls include network security measures, endpoint protection, multi-factor authentication, encryption, access management, and continuous monitoring supported by incident detection and response capabilities.

We are committed to protecting the privacy and confidentiality of information entrusted to us by our customers, clients, vendors, and suppliers. Our cybersecurity and data protection controls are designed to safeguard sensitive and proprietary data throughout its lifecycle, from collection and transmission to storage and disposal. We implement strict access controls, data handling procedures, and confidentiality obligations to help ensure that such information is used solely for legitimate business purposes and remains protected against unauthorized access, disclosure, or misuse.

We also enforce device compliance through centralized endpoint management tools to ensure that only authorized and secure devices can access company systems and data. These measures strengthen control over configurations, software updates, and data protection across all connected devices. Advanced email security systems and phishing detection tools are deployed to protect against social engineering and email-borne threats.

Given the nature of our field operations, which often take place in remote and complex environments, NESR has implemented enhanced cybersecurity procedures to help safeguard its operational systems and digital infrastructure from unauthorized access or disruption. We conduct regular vulnerability assessments, penetration testing, and simulation exercises, often with independent experts, to evaluate the resilience of our IT environments and to strengthen defenses where necessary.

Cybersecurity awareness is a core element of our defense strategy. All employees receive periodic cybersecurity training and simulated phishing exercises to reinforce security awareness, data protection, and incident-reporting responsibilities. Targeted training is provided to personnel with elevated access to sensitive systems or information.

We also maintain cybersecurity insurance to mitigate potential financial losses associated with certain types of incidents, however, such coverage may not fully offset all costs, operational impacts, or reputational effects that could result from a cybersecurity event.

Cybersecurity risk management is an integral component of NESR’s overall governance and risk oversight structure. The Board of Directors oversees cybersecurity as part of its broader oversight responsibilities, while the Audit Committee holds primary responsibility for cybersecurity matters. The Audit Committee receives periodic updates from management on cybersecurity risks, threat trends, and the effectiveness of control measures.

Our Head of Information Technology (“Head of IT”) leads the Company’s global information security program and has more than 15 years of experience in cybersecurity and industrial control system security. The Head of IT reports to our CFO, who provides quarterly updates to the broader executive management team and the Audit Committee, as well as our Vice President of Operations. The IT organization collaborates closely with executive management, field operations and technical teams, functional leadership, business segment directors, compliance, and HSE to ensure coordinated risk identification, mitigation, and response across the enterprise.