Investor Presentation March 2018 NYSE AMERICAN: CTEK Safe Harbor - - PowerPoint PPT Presentation

Investor Presentation

March 2018 NYSE AMERICAN: CTEK

2

Safe Harbor Statements

This presentation contains, and our officers and representatives may from time to time make, “forward- looking statements” within the meaning of the safe harbor provisions of the U.S. Private Securities Litigation Reform Act of 1995. Forward-looking statements can be identified by words such as: “anticipate,” “intend,” “plan,” “goal,” “seek,” “believe,” “project,” “estimate,” “expect,” “strategy,” “future,” “likely,” “may,” “should,” “will” and similar references to future periods. Examples of forward-looking statements include, among others, statements we make (herein or otherwise) regarding the size of the potential market for our services; the number of potential customers/clients for our services; plans and strategies of CynergisTek and its subsidiaries for future growth and performance; market acceptance of our business model; our ability to integrate acquisitions and merged companies; and timelines relating to growth, milestones, and strategic focus. Forward-looking statements are neither historical facts nor assurances of future performance. Instead, they are based only on management’s current beliefs, expectations and assumptions regarding the future of our business, future plans and strategies, projections, anticipated events and trends, the economy and other future conditions. Because forward-looking statements relate to the future, they are subject to inherent uncertainties, risks and changes in circumstances that are difficult to predict and many of which are outside of our control. Our actual results and financial condition may differ materially from those indicated in the forward-looking statements. Therefore, you should not rely on any of these forward-looking statements. Important factors that could cause our actual results and financial condition to differ materially from those indicated in the forward-looking statements include, among

• thers, the risk factors discussed throughout Part II, Item 7. Management’s Discussion and Analysis of Financial

Condition and Results of Operations, and in Part I, Item 1A. Risk Factors of our Annual Report on Form 10-K for the year ended December 31, 2016; and throughout Part I, Item 2. Management’s Discussion and Analysis of Financial Condition and Results of Operations of our Quarterly Reports on Form 10-Q for the quarters ending March 31, June 30 and September 30, 2017. Any forward-looking statement made by us in this presentation is based only on information currently available to us and speaks only as of the date on which it is made. We expressly disclaim any

• bligation to publicly update any forward-looking statement, whether written or oral, that may be made from time

to time, whether as a result of new information, future developments, or otherwise.

Introduction

3

4

CynergisTek

Cybersecurity and Information Management for Healthcare

Nationwide Presence Consultants average 15 years of experience in their domain expertise with 100+ individual industry recognized certifications 2016 Revenue $60M Adjusted EBITDA $3.8M Covered Entities* 1,000 healthcare provider locations and business associates Contracts 70% of clients in 3-5 year managed services contracts

*Covered entities are defined in the Health Insurance Portability and Accountability Act (HIPAA) rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which the department of Health and Human Services (HHS) has adopted standards.

Market Opportunity

5

Print Has Increased 11%

Significant risk to PHI and cost savings opportunity for hospital.

6

Cost of a Breach

Breaches cost the healthcare industry $6.2B/yr1, 90% of all hospitals had a breach in the past two years.2

Healthcare IT Industry Dynamics

3.5 Million Covered Entities and 35 Million Business Associates

IT Spend on Security3

Healthcare 4-6% Financial 10-12% Government 7-9%

Internet of Things (IoT)

Estimated 27 billion devices by 2019. Biomedical device risk.

Increased Regulation

OCR enforcement of HIPAA among covered entities and business associates.

Lack of Resources

Cybersecurity labor crunch to hit 1.5 million unfilled jobs by 20194 with 84% of hospitals lacking a dedicated security leader5

References on slide 24.

7

$11B Domestic Market Opportunity

Healthcare $11B

9 Market

EHR produces 60% of print volume6

• Paper represents 30% of

all breaches $65B - estimated cumulative healthcare cybersecurity spend on products and services

• ver the next five years7

Hacking incidents involving ransomware and malware doubled from 2016 to 20178 37% of data breaches in 2017 were tied to insider error or wrongdoing, which compromised nearly 1.7 million patient records8

The fundamental difference between healthcare and other industries is that it’s not just about money and information, it’s about the quality of care and patient safety.

8

In the News

Healthcare Organizations will be the most targeted sector with new sophisticated attacks emerging

1 2 3

Ransomware 64% of victims in the U.S. pay ransom Threats Trend of 1 breach a day continues into 2018 (Healthcare specific) 8 Weaponized IoT devices Take down critical cloud services

4 5

Disruptive Attacks Shutting down hospitals Identity Theft Every two seconds someone is a victim of identity theft

6

Global Nearly 1 billion people globally were victims of cybercrime in 2017 up 45% from 2016 10

Victims of cybercrime globally lost $172 billion 10

Solutions

9

10

The Services We Provide

Consulting Services

• Risk Assessment
• Technical Security

Assessment

• Print Security Assessment
• Architecture Assessment
• Social Engineering and

Phishing

• Privacy Program

Assessment

• Policy and Procedure

Development

• Compliance Program

Effectiveness Assessment

• HIPAA Research Program

Assessment

• Meaningful Use Audits

Managed Services

• Compliance Assist Partner

Program

• Vendor Security

Management

• Privacy Monitoring
• Vulnerability

Management

• Managed Print Service
• Incident Response

Management Professional Services

• Remediation
• Program Development
• Strategic Staffing
• Virtual CISO

Security/Privacy/Compliance/Cost Avoidance

11

Competitive Advantage

Unmatched Healthcare Cybersecurity Experts

Strong Relationships and Track Record Thought Leaders Trusted Advisor Well Known Industry Player Market Driven Tailored Solutions

CynergisTek won the 2017 Best in KLAS Award for Cyber Security Advisory Services

Financial Performance

12

13

Snapshot

NYSE AMERICAN 2/27/2018 Share price $5.31 Market cap $50M FD Shares Outstanding 10M Shares Owned by Mgmt. and Board 25% Income Statement 2016 YTD Q3 2017 Revenue $60M $53M Adjusted EBITDA1 $3.4M $5.3M Adjusted Earnings1 $3.3M $3.9M Cash $6.1M $2.7M2 Debt $1.3M $21.4M

1 Please see our annual and quarterly earnings releases for complete details. 2 Company maintains a $5M receivable based line of credit with $0 balance outstanding.

14

Revenue

Financial Highlights

$44 $61 $60 $53 19% 17% 20% 29% $44 Q3 YTD 2014 2015 2016 YTD 3Q17 Revenue Gross Margin YTD $ IN MILLIONS

15

Adjusted EBITDA

Financial Highlights

1 Adjusted EBITDA: adjusting EBITDA for stock based compensation. 2 Adjusted Earnings: adjusting net income for estimated cash tax adjustment, amortization of intangibles, stock based compensation and depreciation.

$2.1 $1.8 $3.4 $5.3 $1.8 $1.7 $3.3 $3.9 2014 2015 2016 YTD 3Q17 Adjusted EBITDA Adjusted Earnings $ IN MILLIONS

About Us

16

17

Snapshot of Clients

Sample representation

• f more than

1,000 healthcare provider locations and business associates.

18

Management Team

Mac McMillan

Chief Executive Officer

Paul Anthony

Chief Financial Officer

Mac has nearly 40 years of both government and private sector experience. He served as Director of Security for two Defense Agencies and as an Intelligence Officer in the U.S. Marines. He has worked in the healthcare industry since his retirement from the federal government and contributes regularly to industry thought leadership. Paul is a Certified Public Accountant and an expert in financial management, investor relations, tax, treasury and risk management with over 25 years of professional services experience with worldwide enterprises, publicly traded companies and start-ups. His career has included time with KPMG, Peat Marwick LLP and IBM.

Angela Rivera

EVP Operations

David Finn

EVP Strategy

Angela Rivera is a passionate executive with 25 years of experience in the healthcare industry with significant focus serving the healthcare provider

• industry. Ms. Rivera served the last 17 years in

various roles at Computer Task Group. In her most recent role as Vice President, Health Solutions for Computer Task Group, she held executive responsibility for solutions and growth strategy, quality service delivery, and management of the professional consulting base that delivered information technology services and solutions to CTG’s healthcare provider, payer, and life sciences clients in North America. David, comes from Symantec and has been involved in leading the planning, management, and control of enterprise-wide, mission-critical information technology and business processes for more than 30 years. His unique experience in risk management and control objectives of technology (including audit, security, and privacy) allows him a distinctive perspective in the design and implementation of business applications and the processes that the technology must support.

19

Create $150M Recurring Revenue Healthcare IT Services Business

5 year goal with >15% adjusted EBITDA.

Growth Initiatives

Employee Investment

Continue to strengthen and build on the teams depth of knowledge in cybersecurity.

Cybersecurity Focus

Continue growing service offerings to meet market demand. Be the #1 trusted source in the market.

Increase Shareholder Value

20

Board of Directors

J.D. Abouchar

Chairman of the Board

Drex DeFord

Director Principal at Drexio Digital Health, former Healthcare CIO

Mac McMillan

Director CEO OF CynergisTek

Judy Krandel

Director Snap Interactive CFO

Mark Roberson

Chairman of the Audit Committee COO of Chanticleer Holding, Inc.

Theresa Meadows

Director SVP/CIO Cooks Children’s Health Care System

• Dr. Michael

Mathews

Director COO of CynergisTek

Transition of Board in 2016 and 2017 bringing in healthcare IT and capital markets expertise

21

Investment Thesis for the New CTEK

FY17: Transformation FY18: Execution FY19 & FY20: Opportunity

Grow and deploy professional and privacy services offerings that help healthcare

• rganizations remediate, develop and implement programs and technology to fulfill short

and long-term security and privacy roles Well positioned for sustainable mid to high organic revenue growth Fundamental operational improvements expected to result in industry-leading operating margin Experienced management team with proven operational success and deep healthcare cybersecurity knowledge

22

Questions

Mac McMillan InvestorRelations@CynergisTek.com Questions?

?

23

References

Healthcare IT Industry Dynamics:

1 Beckers Healthcare IT and CIO Review, 2017 2 HIMSS Analytics Healthcare IT Security and Risk Management Study, 2016 3 SANS IT Security Spending Report, 2016 4 Cybersecurity Ventures Healthcare Cybersecurity Report 2017 Edition 5 Black Book Research Q4 2017 survey of US Healthcare Industry

$11B Domestic Market Opportunity:

6 Nuance 7 Cybersecurity Ventures Healthcare Cybersecurity Report 2017 Edition 8 Protenus, Inc. and DataBreaches.Net 2017 Annual Breach Barometer 9 Grandview Research Inc Healthcare Cybersecurity Market Analysis and Segment

Forecast to 2022 In the News:

10 2017 Norton Cybersecurity Insights Reports – Global Results