Hut 8 Corp. 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

Hut 8 Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 09:17:00 EDT.

Filings

10-K filed on 2024-03-28

Hut 8 Corp. filed an 10-K at 2024-03-28 09:17:00 EDT
Accession Number: 0001558370-24-004176

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy Given the inherent and growing risks of operating our business, we recognize the importance of incorporating, monitoring, and updating cybersecurity risk programs as part of operating, management, and governance practices. Our Operations Risk Management Program is been designed to monitor and mitigate technology-related risks across our operations and assess cybersecurity risks related to customers, partners, and suppliers. Our Cybersecurity Program is part of our Operations Risk Management Program and is led by our Senior Vice President of Engineering, who has over 25 years of experience leading engineering, security, and IT at startup and enterprise companies, with oversight from an independent third-party security advisory organization. Our Senior Vice President of Engineering and his team lead our cybersecurity initiatives, including standards, policy development and enforcement, architecture, and processes. Our Risk Committee led by our Senior Vice President of Engineering, includes senior executives and leaders from across our organization and provides oversight and guidance on technology risks facing our business, including cybersecurity. Our internal experts and external third-party advisors evaluate our security posture on a regular basis, and the results of those reviews are reported to our Risk Committee and other relevant members of senior management as well as to our Board. Our Incident Response Committee, which is comprised of our leaders in the areas of information security, legal, finance, privacy, and communications, is responsible for leading our Company s response to cyber incidents. Our Cybersecurity Incident Response Plan outlines the processes by which management and our Board monitor, detect, assess and resolve cyber incidents. The Company, our third-party suppliers and customers, along with other companies in our industry, have been subject to, and are likely to continue to be the target of, data breaches, cyber-attacks and other similar incidents as discussed in more detail in Item 1A. Risk Factors. Despite the efforts and investments made, not all intrusions may be prevented. In light of the numerous cybersecurity risks that we face, it is reasonably likely that cybersecurity threats could materially affect our business strategy, results of operations, or financial condition. See our risk factors under Item 1A. Risk Factors. Cybersecurity Governance We are exposed to a number of risks and we regularly identify and evaluate these risks and our risk management strategy. Management is principally responsible for identifying, evaluating and managing the risks on a day-to-day basis, under the oversight of our Board and the audit committee. Our audit committee is responsible for overseeing our enterprise risk management processes, including our guidelines and policies governing the process of risk assessment and risk management, which includes cybersecurity. In addition, our Board is presented with information at its regularly scheduled and special meetings, including on risk and security posture, privacy, security initiatives and programs, and emerging conditions, and management provides more frequent, informal communications to the Board between regularly scheduled meetings, which are designed to give the Board regular updates about our business. The Board considers this information and provides feedback, makes recommendations and, as appropriate, authorizes or directs management to address particular exposures to risk. 63 Table of Contents

Company Information