Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cybersecurity Risk Management and Strategy

SES has developed and implemented a comprehensive Information and Cyber Security program designed to protect the confidentiality, integrity, and availability of its systems, services, and information. The program applies coordinated,

end-to-end

protection spanning satellite operations, ground networks, terrestrial and cloud platforms, and user endpoints. SES’s security framework combines decades of satellite operations experience with modern cybersecurity practices and a Zero Trust mindset.

SES’s cybersecurity risk management program is integrated into the company’s overall enterprise risk management framework and shares common methodologies and reporting channels across the organization. The program is led by SES’s Chief Information Security Officer (CISO) and supported by a dedicated Head of Information and Cyber Security, who together hold primary responsibility for assessing, managing, and continuously improving SES’s security posture.

Following the completion of the Intelsat integration, SES operates with a unified security posture. The combined organization’s systems, environments, and control frameworks have been brought under a single, consolidated cybersecurity program, enabling consistent application of security standards, certifications, and governance processes across the full enterprise.

SES’s cybersecurity risk management program includes:

•

A comprehensive Information Security Program aligned with international standards, providing the policies, procedures, and technical controls that govern how SES protects its systems and data.

•

A dedicated CISO, Vinit Duggal, an experienced and recognized industry leader with responsibility for the overall cybersecurity strategy, execution, and compliance obligations. The CISO is supported by a dedicated Head of Information and Cyber Security responsible for implementing and maintaining security controls across the organization.

•

A Security Governance, Risk, and Compliance function principally responsible for driving the cybersecurity risk management program, including formal risk assessments, remediation prioritization, and security awareness and education programs.

•

Certifications and compliance alignment across defined scopes, including ISO/IEC 27001:2022, PCI DSS 4.0, and SOC 2. These certifications are maintained through regular independent audits and assessments.

•

An

end-to-end

security strategy covering satellite operations, ground stations and teleports, terrestrial networks, cloud-based workloads, customer edge equipment, and internal IT and enterprise networks.

•

A continuous vulnerability and threat management program, incorporating vulnerability scanning, independent penetration testing, structured remediation tracking, centralized patch management, and threat intelligence monitoring.

•

A Security Operations capability leveraging a modern SIEM platform for global log and telemetry correlation with 24/7 analyst monitoring, supported by an integrated SOAR platform for workflow orchestration and automated response.

•

A cybersecurity incident response plan covering preparation, detection and analysis, containment, eradication and recovery, and post-incident review.

•

Engagement of external assessors, consultants, and auditors where appropriate to independently assess and test security controls.

•

A vendor assessment program to identify and mitigate cybersecurity risks associated with third-party service providers, including contractual obligations for timely reporting of security incidents and risk-related issues.

•

Mandatory security training for all employees, supplemented by role-specific training for engineers, developers, and administrators, and organization-wide awareness initiatives with measurable KPIs.

Cybersecurity Governance

SES’s board of directors considers cybersecurity risk as part of its overall risk oversight responsibilities. The Audit Committee also has oversight of SES’s cybersecurity and data protection programs and receives regular updates from management on program status, trends, and material developments. The full board is informed of any significant cybersecurity incidents and receives periodic briefings on key program components and risk matters.

SES’s CISO, Vinit Duggal, leads the management team’s responsibility for assessing and managing material risks from cybersecurity threats. With extensive executive leadership experience across information security and enterprise risk management, Mr. Duggal supervises both internal cybersecurity personnel and retained external consultants. The CISO is supported by a dedicated Head of Information and Cyber Security who maintains

day-to-day

operational responsibility for the security program.

SES’s security teams operate globally and work closely with engineering, operations, cloud services, and cus

tom

er support to maintain strong protection across all systems and service layers. The management team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks through multiple means, including briefings from internal security personnel, threat intelligence from governmental and private sources, and alerts generated by security tools deployed across the IT and operational environment.

Cybersecurity Risk Management Processes Integrated [Text Block]

SES’s cybersecurity risk management program is integrated into the company’s overall enterprise risk management framework and shares common methodologies and reporting channels across the organization. The program is led by SES’s Chief Information Security Officer (CISO) and supported by a dedicated Head of Information and Cyber Security, who together hold primary responsibility for assessing, managing, and continuously improving SES’s security posture.

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Board of Directors Oversight [Text Block]

SES’s board of directors considers cybersecurity risk as part of its overall risk oversight responsibilities. The Audit Committee also has oversight of SES’s cybersecurity and data protection programs and receives regular updates from management on program status, trends, and material developments. The full board is informed of any significant cybersecurity incidents and receives periodic briefings on key program components and risk matters.

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

SES’s board of directors considers cybersecurity risk as part of its overall risk oversight responsibilities. The Audit Committee also has oversight of SES’s cybersecurity and data protection programs and receives regular updates from management on program status, trends, and material developments. The full board is informed of any significant cybersecurity incidents and receives periodic briefings on key program components and risk matters.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true