Hughes Satellite Systems Corp 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

Hughes Satellite Systems Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 15:20:55 EDT.

Filings

10-K filed on 2024-04-01

Hughes Satellite Systems Corp filed an 10-K at 2024-04-01 15:20:55 EDT
Accession Number: 0001533758-24-000007

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We recognize the importance of assessing, identifying, reviewing and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things: operational and legal risks including intelle ctual property theft or loss, fraud, extortion, harm to employees or customers and violation of data privacy or security laws. Our framework is informed in part by the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), although this does not imply that we meet all technical standards, specifications or requirements under NIST CSF. We have an enterprise-wide information security program designed to identify, protect against, detect, respond to, and recover from cybersecurity risks, threats, and events. Our cyber risk management system contributes significantly to the overall resilience and integrity of our business by, among other things, integrating the risk identification process in all major company initiatives and deployment processes, implementing a unified approach to managing both digital and traditional business risks, making continuous improvements and regularly reporting to management and the Board of Directors as a whole to ensure accountability. We regularly assess risks from cybersecurity and technology threats and monitor our information systems for potential vulnerabilities. We and certain third parties conduct regular reviews and tests of our information security program and also leverage, among other things, audits, tabletop exercises, penetration and vulnerability testing, red team exercises, simulations and other exercises to evaluate the effectiveness of our information security program and improve our security measures and planning. In addition, we evaluate third-party risks and perform third-party risk management to assess, identify and mitigate risks from third parties such as vendors, suppliers and other business partners. We have not experienced cyber-attacks or other malicious activities that materially disrupted our business. Any future failure or disruption of our information technology infrastructure and communications systems or those of third parties that we use in our operations, could harm our business. We describe whether and how risks from identified cybersecurity threats, including, but not limited to, as a result of any previous cyber-security incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition included as part of our risk factor disclosures at Item 1A of this Annual Report on Form 10-K. Our Senior Director of Cybersecurity Infrastructure and Threat Hunting, Corporate Cybersecurity leads our information security organization responsible for overseeing our information security program. This individual has over 20 years of experience in various roles involving security, including risk management and security leadership. Team members who support our information security program have relevant educational and industry experience, including, but not limited to, holding similar positions at large technology companies. The team provides regular reports to senior management and other relevant teams, including, but not limited to, the Chief Executive Officer ( CEO ), Chief Operating Officer ( COO ), and Chief Legal Officer ( CLO ). Preparation for and, where possible prevention of cybersecurity incidents involves regular and structured briefings to key management on risk remediation measures that should be taken to decrease, among other things, the likelihood and severity of incidents and to mitigate and manage their effects. The CEO, COO, CLO and other members of management receive detailed updates on cybersecurity risks on a regular basis, no less frequently than monthly, or when significant risks or incidents are identified. These briefings enable the management team to, among other things, stay informed of the latest threats, assess the effectiveness of current security measures and make timely decisions on strategic security initiatives. In addition, the Board of Directors is regularly briefed, no less frequently than quarterly, on cybersecurity risks as part of its oversight functions and to ensure that cybersecurity practices align with the company s overall risk management framework and business objectives. In connection with the Integration, we anticipate that we will continue to evaluate and address as needed our cyber security risk management, policies, structure, strategies and governance to meet our needs. 10 Table of Contents

Company Information