SES AI Corp 10-K Cybersecurity GRC - 2024-02-27

Page last updated on April 11, 2024

SES AI Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-27 17:10:26 EST.

Filings

10-K filed on 2024-02-27

SES AI Corp filed an 10-K at 2024-02-27 17:10:26 EST
Accession Number: 0001819142-24-000014

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity is an important priority at SES, and we actively manage this critical risk through comprehensive measures. Our processes for assessing, identifying, and managing material risks from cybersecurity threats are still in development and have yet to be integrated into our overall risk management system and processes. 32 Table of Contents Proactive Defense: We utilize industry-standard mechanisms to assess, identify, and address potential threats from cybersecurity incidents. Our dedicated information technology (IT) team continuously monitors the evolving cybersecurity landscape and develops robust response processes to swiftly and effectively handle emerging threats. Structured Framework: Our company-wide cybersecurity policy outlines our security posture and incident response protocol, ensuring clear escalation procedures to inform senior management, the Audit Committee, and the Board of Directors of cybersecurity events as needed. Independent Oversight: The Audit Committee, composed entirely of independent directors under SEC and NYSE rules, oversees our cyber risk exposure and evaluates our risk mitigation strategies. The committee is regularly briefed by our VP, IT Services in depth, and in turn briefs the Board of Directors on any material cyber risks and events. Additionally, we use processes to oversee and identify material risks from cybersecurity threats associated with our use of third-party technology and systems, including third party penetration tests, external security audits of our data loss prevention mechanisms and require that our vendors comply with Service Organization Control Type II requirements. Michael Kraus, Vice President of Compliance and Information Technology, leads our information security program with his expertise, honed by over 30 years of experience in the high-tech industry designing and deploying high-performance communication networks. Mr. Kraus has global network building experience which we believe helps to bolster our security posture. While cybersecurity threats remain a reality for all organizations, SES is committed to proactive risk management and continuous improvement in our security posture. We believe that the processes we have established for assessing, identifying, and managing material risks from cybersecurity allow us to effectively mitigate potential impacts and protect our business, operations, and products: In-sourced IT Services: By in-sourcing IT services in late 2023, we gained greater control over IT decisions, established a comprehensive knowledge base, and laid a framework allowing for unbiased assessments of future IT and cybersecurity investments. 24/7 Network Monitoring: Our continuous 24/7 second-level maintenance and monitoring contract provides constant vigilance against network disruptions and potential cyber threats, ensuring swift detection and mitigation of incidents. Cutting-edge Data Backup: Deployment of our new data backup system is underway, offering robust protection against catastrophic failures, early detection of data loss prevention events, and near real-time mitigation of ransomware attacks. Full implementation is anticipated by the end of the first quarter of 2024. In addition, at times we also engage assessors, consultants, auditors, or other third parties to assist with assessing, identifying, and managing cybersecurity risks. We face risks from cybersecurity threats that could have a material adverse effect on our relationship with our partners, suppliers and eventual customers, or on our business, operations or products. We have experienced, and will likely continue to experience, cybersecurity incidents in the normal course of our business, however, we are not aware that we have experienced a material cybersecurity incident during fiscal 2023. See Risk Factors Risks Related to Privacy and Security If we experience a significant cybersecurity breach or disruption in our information systems or any of our partners information systems, our business could be adversely affected.

Company Information