Prudential 2021 ESG Report

Cybersecurity

Prudential’s cybersecurity, privacy and compliance teams work to continuously safeguard Company and customer data.

To respond to the threat of security breaches and cyberattacks, Prudential has developed the Information Risk and Resilience program, overseen by the Chief Information Security Officer and the Information Security Office, that is designed to protect and preserve the confidentiality, integrity and continued availability of all information owned by, or in the care of, the Company. As part of this program, we maintain an incident response plan. The program provides for the coordination of various corporate functions and governance groups and serves as a framework for the execution of responsibilities across businesses and operational roles. The program establishes security standards for our technological resources and includes cybersecurity annual training for employees, contractors and third parties. Additionally, we conduct periodic exercises and response readiness assessments with outside advisors to gain a third-party independent assessment of our technical program and our internal response preparedness. We regularly engage with the outside security community and monitor cyber threat information. We continue to evaluate and evolve the technologies, processes, controls and intelligence to prevent, detect and respond to cyber threats and attacks. Relevant cybersecurity controls related to financial reporting are considered by our external auditor in the context of Prudential’s annual external integrated audit.

Prudential partners with other companies and industries, as well as law enforcement to communicate information about the latest cyber threats and to leverage threat modeling insights into its cybersecurity program. The Company tests its technical defenses with internal and external trained professionals seeking to probe the Company’s cybersecurity defenses. Risk assessments are included in the cybersecurity program. Prudential maintains cyber insurance coverage as part of the Company’s incident response preparedness. Cross-functional teams participate in simulated scenarios within Prudential, while Company representatives participate in industry-wide external scenarios. New technology is regularly reviewed and implemented to help thwart attacks and prepare the Company to respond to those that evade defenses.

Prudential continues to expand and evolve its threat-hunting and analytics capabilities, proactively searching for and identifying evidence of malicious attacks already inside the network. These processes supplement traditional review of malicious external internet traffic directed at the Prudential network.

Prudential respects and protects personal, confidential, sensitive and material nonpublic information and has implemented a principles-based Global Privacy Program. The Global Privacy Office is led by the Company’s Global Chief Privacy Officer, who reports through the Chief Ethics and Compliance Officer, and is responsible for establishing the Company’s standards and requirements around privacy protections for Personal Information. Data Protection Officers are identified by the businesses to oversee the privacy risks within their business units to ensure procedures are in place that align with the Company’s Global Privacy Program to include privacy by design and management of privacy events and incidents. These align with the broader incident response process described above. Privacy risks and controls are assessed through the Compliance and Privacy Risk Management Program, and privacy impact assessments and other assessments are conducted regularly on processes, initiatives and products involving personal information. The Board and the Audit Committee receive updates at least annually regarding the privacy risk profile of the Company.

Prudential informs its customers and employees about its privacy practices through several channels and honors individual rights as required by applicable laws and regulations. We provide privacy notices to employees and customers consistent with legal requirements and explain how the Company generally collects, uses, stores, transfers and safeguards customer information. Similarly, the Company’s online privacy statements outline how Prudential collects, uses and safeguards information that may be gathered through online interactions. For more information, read Prudential’s Form 10-K and our Data Security Statement.

Prudential provided information security training to employees in 2021. For employees in Information Security job functions, additional role-specific training prescribed and tracked by the Information Security Office is instituted.

All employees receive mandatory privacy training at the time of hire and on an annual basis that is centrally tracked with role-specific targeted privacy training provided based on job function.

TRAINING                 FREQUENCY
Cybersecurity            Annual
Privacy                  Annual
Information Security     Annual