Bengaluru-born, US-incorporated - founded 2021, bootstrapped, debt-free - CREST accredited in under five years, backed by global CISOs, cybersecurity pioneers, and technology founders Bangalore Team of DigiFortex Inc. BENGALURU and WILMINGTON, Delaware - April 2026: DigiFortex, a cybersecurity and digital risk assurance company incorporated in India in April 2021 and in the United States in May 2022, achieved CREST accreditation for penetration testing in February 2026 - under five years from founding, coinciding with the company’s fifth anniversary on April 15, 2026. The accreditation places DigiFortex among a select group of firms meeting the independently verified standard required by financial regulators across the United Kingdom, Singapore, Malaysia, the Netherlands, and the United States. Most CREST-accredited firms have been operating for a decade or more. DigiFortex earned it in under five years - bootstrapped and debt-free. CREST requires member organisations to undergo a rigorous independent audit of technical methodology, governance, information security management, and staff competence - actively required or strongly preferred by the UK's Financial Conduct Authority, Singapore's Monetary Authority, and EU regulators under the Digital Operational Resilience Act. “CREST accreditation confirms that DigiFortex meets recognised benchmarks for technical delivery, governance, and security testing -giving clients greater confidence in assessing their security posture,” said Nick Benson, CEO of CREST International. “This reflects the level of assurance and quality we expect from our Members.” “Five years ago we started DigiFortex from Bengaluru -without external funding, without debt, with a conviction that enterprises deserved globally validated cybersecurity. Today, as we mark our fifth year, CREST accreditation confirms what our clients already knew. This is not the end. It is the baseline from which we take DigiFortex global.” said Vijay Kumar, Founder and CEO, DigiFortex. Three Certifications. One Firm. Under Five Years. DigiFortex holds three independent certifications simultaneously -earned without external capital: ✓ CREST Accredited - February 2026. Independently audited against the global standard required by FCA, MAS, and EU regulators. ✓ CERT-In Empanelled - Recognised by India’s national cybersecurity authority for information security auditing. ✓ ISO 27001:2022 Certified - Information security management independently verified to the same standard DigiFortex recommends to its clients. Three independent validations. Three questions answered: qualified to test, trusted with data, recognised by authority. Trusted by the World’s Most Demanding Organisations DigiFortex’s clients include a global e-commerce major, a global payments company, a global insurance group, a global logistics company, central and state government bodies across India, public sector organisations, India’s top fintech and investment platforms, Indian private sector banks, technology and IT services companies, autonomous and connected vehicle platform companies, and a global visa and consular services company -with clients across the US, EU, UAE, UK, India, Singapore, and beyond. These are repeat clients who trusted DigiFortex with their critical business systems - and came back. CISOs, CTOs, CFOs, and security leaders across the world’s most compliance-intensive organisations have cited DigiFortex’s technical depth, actionable reporting, and findings that surpassed those of established global vendors. No venture funding. No debt. Every engagement earned on delivery quality alone. Backed by a World-Class Advisory Board DigiFortex is guided by an advisory board of global cybersecurity leaders, technology entrepreneurs, and academics. The board includes a well-known US CISO and former senior leader at MITRE, bringing deep expertise in threat intelligence and enterprise cyber risk. A cybersecurity industry veteran who established and led the India operations of two of the world’s most recognised cybersecurity companies, before founding a global threat intelligence startup and serving as CTO of a leading US cybersecurity firm. The co-founder and CEO of one of India’s most successful B2B SaaS companies serving Fortune 500 enterprises globally. The co-founder and CEO of a US-based analytics consultancy serving regulated enterprise clients across HIPAA, GDPR, and ISO frameworks. The former Director of one of India’s premier technology institutes. A Canadian-based academic and cybersecurity practitioner specialising in privacy law and data protection. A technology entrepreneur with expertise in emerging enterprise platforms. Full advisory board profiles: https://www.digifortex.com/About-Us/ Built for the AI Era - A Complete Portfolio Security Testing: CREST-accredited penetration testing across web, mobile, API, network, cloud, IoT, and OT environments. LLM and AI Penetration Testing, Red Teaming and Adversary Simulation, Attack Surface Management and Dark Web Monitoring. v-CISO: Fractional Chief Information Security Officer leadership for globally regulated technology companies, and AI-driven enterprises - building and maturing security programmes without the cost of a full-time hire. Virtual DPO: Fractional Data Protection Officer services guiding organisations through DPDPA, GDPR, and multi-jurisdictional privacy obligations - from data mapping and impact assessments to regulatory liaison and breach response. End-to-End GRC and Certifications: Comprehensive governance, risk, and compliance across Indian frameworks -RBI, SEBI, NABARD, IRDAI, UIDAI, and SBI-VSCC - and global frameworks including DORA, HIPAA, FedRAMP, SOX, NIST, PCI DSS, SOC 2, ISO 27001, ISO 42001, and GDPR. Internal Audit. AI Governance. Risk Management. Data Privacy: Advisory and implementation across DPDPA, GDPR, CCPA, and PIPEDA - covering privacy by design, data mapping, privacy impact assessments, and cross-border data transfer compliance. Managed Security: 24x7 AI-powered SOC. Cloud-Native Application Protection Platform with real-time monitoring, threat detection, and automated compliance. Delivered from Bangalore, Mumbai, Delhi, and Pune. Coming Soon: Enterprise Platforms for Security, Privacy, Compliance & AI Governance DigiFortex is developing enterprise platforms delivering unified visibility across security posture, data privacy, and compliance - built for organisations navigating accelerating regulatory complexity and the expanding attack surface of AI adoption. Further details will be announced in the coming months. Innovation and Talent DigiFortex is backed by a solid engineering team with experience from the IITK ecosystem and India’s top technology institutions - combining deep offensive security expertise with rigorous GRC and privacy credentials. The team brings academic pedigree from Wharton, Kellogg, ISB, IIM, IIT, NIT, and IIITB, with founding experience from early-stage McAfee and APAC’s first Security Operations Centre. On every engagement, DigiFortex deploys engineers who have built, broken, and secured complex enterprise systems -not consultants who document them. Team certifications span OSCP, OSCP+, CRTP, CISSP, CEH, CISA, CCSA NG, ISO 27001 Lead Auditor, CIPP/E, DCPLA amongst others - covering offensive security, red team operations, enterprise security leadership, network defence, information systems audit, and data privacy law across European and global jurisdictions. The company has inventors with 17 US patents applicable across 170+ countries - reflecting an engineering culture that invents, not just implements. DigiFortex has engaged with Stanford University, the University of Washington, and the London School of Economics, and has on multiple occasions delivered security assessment findings that surpassed those of established global vendors. About DigiFortex DigiFortex is a cybersecurity and digital risk assurance company incorporated in India in April 2021 and in the United States in May 2022. Bootstrapped and debt-free, the company holds CREST accreditation, ISO 27001:2022 certification, and CERT-In empanelment -earned in under five years without external funding. Trusted by global e-commerce, payments, insurance, and logistics majors, government bodies, fintech platforms, and technology firms across the US, EU, UAE, UK, India, Singapore, and beyond, DigiFortex delivers penetration testing, GRC, SOC, AI security, CNAPP, and data privacy services from delivery centres across India. The company has inventors with 17 US patents applicable across 170+ countries. Website: www.digifortex.com Media Contact Vijay Kumar Founder & CEO, DigiFortex [email protected] +91 9448353194 www.digifortex.com (Disclaimer: The above press release comes to you under an arrangement with NRDPL and PTI takes no editorial responsibility for the same.). PTI PWR

CREST accreditation and cybersecurity compliance standards shape DigiFortex's regulated enterprise testing, privacy, and governance services. Cybersecurity and digital risk assurance services are framed around independent accreditation and certification standards for regulated markets. DigiFortex states that it achieved CREST accreditation for penetration testing, alongside CERT-In empanelment and ISO 27001:2022 certification, with CREST requiring independent audit of technical methodology, governance, information security management, and staff competence. The release links these standards to regulated enterprises and financial regulators across multiple jurisdictions and describes services spanning penetration testing, red teaming, virtual CISO support, privacy advisory, governance, risk and compliance, managed security, and cloud-native application protection.