WhiteHawk : Quarterly Activities Report and Appendix 4C - quarterly

2022

Quarterly Activities Report

WHITEHAWK LIMITED

Quarterly Activities Report for the Period Ended:

March 31, 2022

HIGHLIGHTS

WHITEHAWK LIMITED (ASX: WHK OR "THE COMPANY"), THE FIRST GLOBAL ONLINE CYBER SECURITY EXCHANGE ENABLING BUSINESSES AND ORGANIZATIONS OF ALL SIZES TO TAKE SMART ACTION AGAINST CYBERCRIME VIA RISK, MATURITY, COMPLIANCE AND THREAT, SOFTWARE AS A SERVICE ANNUAL SUBSCRIPTIONS AND VIRTUAL CONSULTS , IS PLEASED TO PROVIDE AN UPDATE ON ITS PROGRESS FOR THE FIRST QUARTER 2022.

• • Invoiced US$1.8M over US$442K in the same period in 2021, a 400% increase.

• • During the 1st quarter, collected US$2.2M relating to sales receipt from customers.

• • US$505K in receivables as of 31 March.

• • WhiteHawk finishes the 1st quarter of 2022 with a cash position of US$2.1M and no debt.

• • Executed Cyber Risk Radar Contract with Global Social Media company that commenced 14FEB22, for $1.5M USD after completing a 2021 Proof of Concept.

• • Executed Master Agreement with Dun & Bradstreet (D&B) as a Cyber Compliance partner, initial contract for one year with 4 option years of a broad "Cyber Compliance" reports subscription to include a contract for an initial 2,500 licenses. Integrated offering kick-off of 01FEB22, with marketing and sales campaigns starting in March 2022.

• • Key Sales Channel Overview:

  • 1. Through Current Enterprise Clients

    • a. Large Companies - Manufacturing; Defense Industrial Base (DIB); Financial Sector; MSP

    • b. Government CIO/CISO's

    • c. Global Consulting Groups

  • 2. 2022 3rd/4th QTR via Dun & Bradstreet Cyber Compliance Powered by WhiteHawk

    • a. First 2,500 Licenses to Suppliers/Vendors

    • b. Combined Federal & FSI Pipeline

    • c. Future EMBED model to Business Clients

3. 2022 4th QTR (Delayed from 2021) CMMC 2.0 Engagements w/ Amazon Web Services (AWS) U.S. Federal Government

• a. Large Primes across vendors/suppliers/partners

• b. U.S. Office of Secretary of Defense (OSD) CIO Initiative across DIB Contractors

• c. AWS Marketplace Sales of Assessments & Virtual Consults

4. U.S. Federal Government RFI's/RFP's in Partnership with Prime Federal Contractors

• a. U.S. State & Local - Virginia - VITA, Florida-DMS, and Wisconsin

• b. GSA Supply Chain Risk Management (C-SCRM), CIA ARC Data Broker, U.S. Dept of Energy CIO C-SCRM

UPDATES FROM QUARTER

Prime Cyber Risk Radar Contract with a Global Social Media Platform Company

Contract Summary

• • Base year commenced on 14FEB2022. Contract has a base year with 4 option years

• • WhiteHawk providing an annual recurring Cyber-Supply Chain Risk Management (C-SCRM) subscription for a portfolio of 500 vendors/suppliers.

• • Subscription includes both Continuous Monitoring and One-time reports for Cyber and Business Risks - all data and workflows centralized through an integrated and interactive Vendor Risk Management SaaS Dashboard.

Progress for the Quarter

• • Contract Initiation and baseline onboarding of base set of vendors/suppliers for monitoring and engagement

• • Supporting customer with customization in meeting internal objectives and workflow requirements; positioning WhiteHawk's services and offerings as an integral capability for customer's internal cyber functions and workflows moving forward

  • o Customization of Vendor Onboarding and integration of datasets between client and Vendor Risk Management SaaS Dashboard

  • o Tailoring of Vendor Onboarding and Cyber Assessment Questionnaires and scoring

  • o Integrated, automated ability to identify and select vendors for allocation to various tiers of assessment (continuous or one-time)

  Enablement of Continuous/Daily, automated updates to Cyber Risk Scorecards, reducing WhiteHawk labor and increasing profit margin.

Integration of Whitehawk Cyber Risk Scorecards with D&B Investigate

Contract Summary

• • Base year commenced on 01FEB2022. Contract has a base year with 4 option years

• • WhiteHawk providing an integrated, white-labeled, and fully automated version of the Cyber Risk via APIs

• • Initial Subscription is for 2,500 Cyber Risk Scorecards to be allocated to D&B Investigate end customers in batches to support their monitoring of supply chain vendors/suppliers

Progress for the Quarter

• • Development and deployment of a fully automated capability via API integration for ordering, tracking, and receiving Cyber Risk Scorecards between WhiteHawk and D&B

• • Nightly creation of Cyber Risk Scorecards for all orders for 30 days; nightly synchronization between DNB and WhiteHawk

• • Fully automated, Cyber Analyst interaction not required at any time.

• • Analysis being performed to support a future Embed Business Model of the Cyber Risk Scorecards within all DNB subscriptions

Prime Cyber Risk Radar Contract being executed (1st of 4 option years after base year in 2019) in support of U.S. Federal Government Department CISO.

Contract Summary

• § WhiteHawk providing online Software as a Service (SaaS), an annual recurring Cyber-Supply Chain Risk Management (C-SCRM) subscription, with training and technical reach-back.

• § Automated Business Risk Reports provided on-demand, and Cyber Risk Scorecards being provided quarterly via an integrated and interactive Vendor Risk Management SaaS Dashboard.

Progress for the Quarter

• § Tailored training sessions for new team members.

• § Ongoing Business and Cyber Risk Continuous Monitoring, Alerting and Tracking.

• § Quarterly Cyber Risk Scorecards mapped to Vendor Risk Management SaaS Dashboard.

• § Additional task order developed for continuous technical reach-back to refine and optimize platform in support of key client needs.