Powerfleet, Inc. 10-K Cybersecurity GRC - 2025-06-26

Page last updated on June 26, 2025

Powerfleet, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-06-26 13:29:01 EDT.

Filings

10-K filed on 2025-06-26

Powerfleet, Inc. filed a 10-K at 2025-06-26 13:29:01 EDT
Accession Number: 0001628280-25-033105

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Governance Our board of directors has the ultimate oversight responsibility for the risk management process and regularly reviews issues that present particular risk to us, including those involving cybersecurity. Our board is responsible for ensuring that management has processes in place designed to identify and assess cybersecurity risks to which the Company is exposed and implement processes and programs designed to manage cybersecurity risks and mitigate and remediate cybersecurity threats and incidents. Our Chief Information Security Officer (“CISO”), together with the Information Security Steering Committee (the “ISS Committee”), reports to the board on material cybersecurity risks, initiatives, and any material cyber events on an ongoing basis, as well as establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining cybersecurity programs. In managing cybersecurity risks, we adhere to a structured framework that outlines the roles and responsibilities of board and management positions and committees . Our CISO, together with the ISS Committee, plays a pivotal role in the governance of our cybersecurity posture. Members of the ISS Committee are selected for their domain-specific expertise and strategic vision, with representation from our IT, security, finance, legal, operations, and compliance sectors. The ISS Committee is an assembly of cross-functional senior leaders from various groups within our company. Led by the CISO, the ISS Committee’s function extends to the formulation of cybersecurity policies, setting risk management priorities and driving the adoption of security best practices across our company. By leveraging the collective expertise of the ISS Committee, we ensure cybersecurity considerations are integrated into our company’s organizational strategy and decision-making processes. Our CISO leads our cybersecurity initiative, holding various IT and security certificates and possessing over 20 years of experience in risk assessments, regulatory compliance (across various frameworks such as ISO 27001, NIST, and GDPR), threat intelligence gathering, and orchestrating coordinated incident response efforts. Our CISO ensures that our cybersecurity team is equipped with up-to-date threat intelligence and uses industry leading tools for threat monitoring and incident response. The cybersecurity team, led by our CISO, is a collective of highly qualified individuals with diverse backgrounds in IT, security, cyber risk management, and digital forensics, and holding various professional certifications (such as CISA, GRCP, IPMP, IDPP, CEH, ISO27001). Under the CISO’s leadership, our cybersecurity team continuously monitors threats and implements necessary security controls, conducting regular reviews and updates to the cybersecurity strategy. Any potential or actual cybersecurity incidents are assessed for their financial impact by our Director of SNM and reported to our Chief Financial Officer for a comprehensive risk analysis. Our CISO and Chief Innovation Officer report material cybersecurity risks to our board of directors based on their and the ISS Committee’s assessment of risk. Cybersecurity Risk Management and Strategy Our processes for assessing, identifying, and managing cybersecurity threats are designed to be thorough and transparent, ensuring that investors have a clear understanding of our commitment to cybersecurity and are integrated into our overall risk management processes. Our cybersecurity team collaborates with leaders from each department to ensure cybersecurity risks are considered alongside operational, financial, and strategic risks. As part of our enterprise risk management program, we conduct regular cybersecurity risk assessments to identify cybersecurity threats. We also perform targeted assessments following any material changes that may affect production or information systems, as well as Powerfleet-specific or industry-wide vulnerabilities. These assessments include identification of reasonably foreseeable internal and external risks, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks. We regularly engage with external assessors, consultants, and auditors to ensure our cybersecurity practices are up to date and aligned with industry standards. These third parties conduct independent audits of our cybersecurity measures and validate the 31 effectiveness of our risk management processes. We also engage specialized cybersecurity firms to perform penetration testing and vulnerability assessments. We have processes in place to manage and mitigate risks associated with the use of third-party service providers , including, but not limited to conducting due diligence before onboarding new service providers and continuously monitoring their compliance with our security standards. We require service providers to undergo regular security assessments, and we ensure that such providers have robust incident response plans in place during our engagement. To date, no risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our business, our business strategy, our results of operations or our financial condition. For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our risk factors under “Item 1A. Risk Factors”.

Company Information