EOG RESOURCES INC 10-K Cybersecurity GRC - 2024-02-22

Page last updated on April 11, 2024

EOG RESOURCES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-22 16:43:31 EST.

Filings

10-K filed on 2024-02-22

EOG RESOURCES INC filed an 10-K at 2024-02-22 16:43:31 EST
Accession Number: 0000821189-24-000011

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity EOG relies on information technology systems across its business. As its reliance on data and information technology systems has increased, EOG has continued to evolve and modify its cybersecurity processes and strategy and related governance and oversight practices as well as enhance the expertise of its cybersecurity team. Cyber Risk Management & Strategy As part of its overall risk management system, EOG regularly assesses its processes and practices for managing and mitigating cybersecurity risks and determines whether such risks are being effectively managed and mitigated. EOG has implemented and invested in multiple technologies, controls, and procedures designed to protect its information systems and related infrastructure; identify, assess and remediate vulnerabilities; and monitor and mitigate the risk of data loss and other cybersecurity threats and intrusions. EOG focuses on building cybersecurity awareness with its employees and other end-users through training and security exercises and communicates EOG’s expectations of employees and contractors with respect to cybersecurity matters via EOG’s Codes of Business Conduct and Ethics. EOG’s dedicated, in-house cybersecurity team, which is responsible for EOG’s cybersecurity strategy and planning, oversees such efforts, with assistance from external threat analysts, consultants and service providers. As part of these efforts, such team seeks to identify potential cyber vulnerabilities and opportunities for improvement and then evaluates and implements different cybersecurity technologies to address any identified vulnerabilities and opportunities. In addition, EOG’s internal audit function, in conjunction with third-party experts, play a key role in reviewing and assessing EOG’s cybersecurity technologies, controls and procedures, including conducting penetration testing and vulnerability assessments. In the event of an incident, EOG has a designated response team and written response plan in place with predefined escalation and response procedures. EOG also has processes in place to monitor the cybersecurity risk exposure and security practices of key service providers to assess their cyber preparedness. While such technologies, controls, and procedures cannot entirely eliminate cybersecurity threats, EOG believes the risks from cybersecurity threats (including as a result of previous cybersecurity incidents) have been effectively managed and contained, and have not materially affected, and are not reasonably likely to materially affect, EOG and its business strategy, results of operations or financial condition. See ITEM 1A, Risk Factors, for related discussion. As technology and potential cybersecurity threats evolve, EOG intends to continue to adapt and enhance its cybersecurity controls, procedures, and protections. Cyber Expertise & Experience As discussed above, EOG’s cybersecurity team consists of in-house cybersecurity professionals and external threat analysts, consultants and service providers. EOG’s in-house professionals and external threat analysts possess various cybersecurity certifications. EOG’s cybersecurity team is led by EOG’s group director, information systems and senior manager, information systems security, who each have over six years of experience overseeing EOG’s cybersecurity processes and strategy. 29 Cyber Governance & Oversight EOG’s cybersecurity team reports to EOG’s Senior Vice President and Chief Information and Technology Officer, who has served as EOG’s Chief Technology Officer since 2017 and as EOG’s Chief Information Officer for over 25 years. EOG’s cybersecurity team leadership, Senior Vice President and Chief Information and Technology Officer and other members of senior management regularly report to EOG’s Audit Committee and Board of Directors (Board) regarding cybersecurity matters, including the assessments performed regarding EOG’s cybersecurity technologies, controls and procedures. As part of its risk oversight responsibility and pursuant to its charter, the Audit Committee, in consultation with the Board and the Board’s other committees, oversees our policies, strategies, and initiatives for mitigating cybersecurity and information technology risks.

Company Information