MICROVISION, INC. 10-K Cybersecurity GRC - 2024-02-29

Page last updated on April 11, 2024

MICROVISION, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-29 16:29:51 EST.

Filings

10-K filed on 2024-02-29

MICROVISION, INC. filed an 10-K at 2024-02-29 16:29:51 EST
Accession Number: 0001493152-24-008335

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy Our Cybersecurity Processes We continue to strengthen our cybersecurity measures to safeguard our information systems based on industry standards. Our measures include policies to promote internal compliance by our employees, policies and procedures to regularly evaluate the security of our information systems and implementation of third-party products, including intrusion prevention and detection solutions, multifactor identification and anti-virus software, to help detect and protect against potential cybersecurity threats. We educate our staff on cybersecurity matters with periodic risk awareness information, phishing awareness campaigns, and training materials. Moreover, given the rapid growth of our global operations in 2023 due to the Ibeo acquisition, and our expectations for near- and long-term strategic growth, our Information Technology, or IT, team is prioritizing enhancements to our response system and continuity plans. A key dimension to the security and effectiveness of our information system is our compliance with standards that are unique to the industries in which we operate. For instance, it is critical that our information system achieves TISAX certification. Established by the German Association of the Automotive Industry, Trusted Information Security Assessment Exchange, or TISAX, is a globally recognized assessment and exchange mechanism for information security in the automotive industry. Automotive OEMs rely on the TISAX label to ensure that suppliers and partners have a solid information security management system in place. To successfully complete the TISAX assessment process in our German and U.S. operations, we are actively evaluating our cybersecurity measures and seeking enhancements, including engaging a third-party auditor and global standardization of our cybersecurity training program, to ensure a comprehensive and robust system. We evaluate our third-party information system providers, as well as any other provider that may have access to our data, for their maturity and reliability, and as a matter of policy we choose to only work with reputable vendors. Risks from Cybersecurity Threats We have not encountered cybersecurity incidents that have materially affected or are reasonably likely to materially affect us, including our operations or financial condition. Any material cybersecurity incident could have a material impact on our operations by causing a disruption to our ability to function as a global organization, by interrupting our internal and external communications and reporting or managing our operations. Refer to Item 1A. Risk Factors in this annual report on Form 10-K, including Our operations could be adversely impacted by information technology system failures, network disruptions, or cybersecurity breaches, for additional discussion about cybersecurity-related risks. Governance Board of Directors and Audit Committee With delegated authority from our Board of Directors and in accordance with its charter, our Audit Committee is charged with the oversight of enterprise risk, including risk related to cybersecurity threats. Our Audit Committee Chair is expected to report regularly to our Board of Directors about our Audit Committee s oversight of enterprise risk. Beginning in 2024, our Audit Committee Chair will report quarterly to our Board of Directors specifically about our cybersecurity incident management and governance. 18 Management, and specifically our Chief Financial Officer, reports to our Audit Committee on cybersecurity, including initiatives and strategies, and incident reporting and any lessons learned. Beginning in 2024, our Chief Financial Officer will make this report on a quarterly basis. From time to time, management will also engage in informal discussions with members of the Audit Committee about our cybersecurity practices and risks, including informing our Audit Committee Chair in a timely manner about any cybersecurity incidents that management determines may have a significant impact on our operations or that may trigger any reporting obligations. Our Audit Committee will conduct an annual review of our cybersecurity measures and the effectiveness of our risk management strategies. Management Anubhav Verma, joined MicroVision in 2021 as our Chief Financial Officer. He is an experienced risk management professional and currently oversees the Company s accounting and finance strategies, including risk management. Mr. Verma also oversees our IT team and, with regular communication with the team, is responsible for approving the IT budget, hiring of IT personnel, including third-party consultants, and approving cybersecurity processes and other cybersecurity-related matters. Although we do not currently employ a chief information security officer, we are working with an outside consulting firm that is serving in this role and assisting our internal team with the primary responsibility of overseeing our cybersecurity measures and risks. The day-to-day responsibility for assessing, monitoring and managing our cybersecurity risks resides with our IT team. Across the IT team we have employees who have in-depth knowledge and decades of cybersecurity industry experience, including prior experience with developing and overseeing cybersecurity polices and processes for companies required to comply with NIST SP800-171, cybersecurity standards for companies that store sensitive unclassified information on behalf of the United States government, and former Ibeo employees having experience with TISAX compliance. Yet, we recognize the evolving and increasing threat that cybersecurity will have on our operations. As part of our long-term growth strategy, we expect to establish a dedicated cybersecurity team to oversee our cybersecurity risk management. The IT Team Director regularly meets with the Chief Financial Officer and as appropriate the Chief Executive Officer to discuss cybersecurity risks. This ensures that management is informed about our current cybersecurity measures and aware of any potential risks facing our operations. In the event of a cybersecurity incident, we have put in place a reporting structure to inform the Chief Financial Officer, Chief Executive Officer and General Counsel promptly of any incident so that they may assess the appropriate response to the incident and any reporting concerns that may be triggered by the incident.

Company Information