KORE Group Holdings, Inc. 10-K Cybersecurity GRC - 2025-04-30

Page last updated on May 26, 2025

KORE Group Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-30 16:29:00 EDT.

Filings

10-K filed on 2025-04-30

KORE Group Holdings, Inc. filed a 10-K at 2025-04-30 16:29:00 EDT
Accession Number: 0001855457-25-000022

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We recognize the critical importance of maintaining the safety and security of our systems and data and have a program for overseeing and managing cybersecurity and related risks, which is supported by both management and our Board. Our cybersecurity functions are led by our Chief Operating Officer (“COO”) , who reports to our Chief Executive Officer. Our COO’s relevant experience in cybersecurity includes previous experience, such as having previously served as Chief Executive Officer of a company that provides geospatial intelligence software and as Chief Technology Officer at a global cloud-based enterprise software company. Our Vice President - IT Security & Compliance (“VPITSC”), under the direction of the COO, is responsible for overseeing our cybersecurity management program and the protection and defense of our networks and systems. The VPITSC’s relevant experience in cybersecurity includes over twelve years of extensive experience at the Company in cybersecurity, in various progressive roles. The VPITSC manages a team of cybersecurity professionals with broad experience and expertise, including in cybersecurity threat assessments and detection, mitigation technologies, cybersecurity training, incident response, cyber forensics, insider threats and regulatory compliance. Our Board is responsible for overseeing our enterprise risk management activities in general, and each of our Board committees assists the Board in its role of risk oversight. The full Board receives an update on the Company’s risk management process and the risk trends related to cybersecurity at least annually from the COO. Our cybersecurity strategy includes but is not limited to the following key elements: Risk Assessment and Management - We comply with the international standard ISO 27001, an Information Security Management System (ISMS), which helps safeguard the confidentiality, integrity, and availability of information through a structured risk management process. This approach assures stakeholders that cybersecurity risks are effectively managed. To support this commitment, we conduct regular risk assessments to identify, evaluate, and mitigate potential threats. Internal training and awareness - We provide training to our employees to help identify, avoid, and mitigate the risk from cybersecurity threats. Our employees are required to complete mandatory cybersecurity awareness training upon hiring and also participate annually in required cybersecurity awareness training, unless on a leave of absence. Technical Security Controls - We employ layered security controls, including Managed Endpoint Detection and Response, firewalls, intrusion detection systems, encryption technologies, and a Security Operations Center that is operated 24 hours a day, seven days a week. Vendor risk management program - We have implemented processes to oversee, identify and manage risks from cybersecurity threats associated with our use of third-party service providers. Our vendor risk management program establishes governance, processes and tools for managing various risks related to third-party service providers, including information security and supplier-related risks. As a condition of working with KORE, suppliers who access sensitive business or customer information are expected to meet certain information security requirements. Incident Response - We have put in place a formal incident response plan to address and mitigate potential security breaches in a timely and effective manner. Communication protocols have been established to notify relevant stakeholders, including regulators and customers, as required. Our incident response team conducts regular simulations and exercises to ensure readiness and effectiveness. Internal Audit Program - We operate an internal audit program. On an annual basis, our internal audit team conducts an overall business risk assessment, which includes an evaluation of cybersecurity risks. Included in this evaluation is a report on our cybersecurity posture and related matters that is presented to the leaders of the relevant business teams, who are responsible for prioritizing and addressing the risks identified. As of December 31, 2024, we have not identified risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. We are committed to investing in cybersecurity and to enhancing our internal controls and processes, which are designed to help protect our systems and information. For more information regarding the risks we face from cybersecurity threats, please see Part I, Item 1A, - " Risk Factors" .

Company Information