Ocean Power Technologies, Inc. 10-K Cybersecurity GRC - 2025-07-24

Page last updated on July 27, 2025

Ocean Power Technologies, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-07-24 17:31:24 EDT.

Filings

10-K filed on 2025-07-24

Ocean Power Technologies, Inc. filed a 10-K at 2025-07-24 17:31:24 EDT
Accession Number: 0001641172-25-020888

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity risk is an important component of our overall enterprise risk management framework, given our reliance on digital systems for product development, operational control, communications, data management, and financial reporting. Our operations involve proprietary software and hardware systems integrated into offshore platforms, as well as sensitive information related to customer deployments, government contracts, and internal business processes . 31 We employ a layered cybersecurity approach aligned with industry standards. Our strategy includes preventive and detective technical controls (e.g., endpoint protection, intrusion detection, access control, and network segmentation), employee training, vendor diligence, and third-party audits. We maintain a combination of on-premise and cloud-based infrastructure with multi-factor authentication and routine patch management. We also work with managed cybersecurity service providers to support real-time threat monitoring and incident response capabilities. Penetration testing and vulnerability scanning are performed periodically, and findings are reviewed with senior leadership. Cybersecurity risks are considered in connection with strategic planning, vendor selection, product development (particularly in embedded control systems), and compliance with regulatory obligations, including export control and data privacy laws. To date, we have not experienced any material cybersecurity incidents that have had a significant impact on our financial condition, results of operations, or reputation. However, we recognize that the threat landscape continues to evolve, and we remain vigilant in adapting our security posture to mitigate emerging risks. Governance The Board of Directors has oversight responsibility for cybersecurity risk as part of its broader enterprise risk oversight function. The Audit Committee receives periodic updates on cybersecurity threats, incidents, risk mitigation strategies, and program enhancements from senior management. Our Incident Response Plan outlines steps to investigate, contain, report, and recover from cybersecurity events. We have established internal procedures to investigate, contain, report, and recover from cybersecurity incidents. These procedures are designed to enable a prompt and coordinated response to potential threats. In the event of an incident determined to be material under SEC guidelines, we are prepared to make timely disclosures through current reports (Form 8-K) as required. Cybersecurity Incidents During the fiscal years ended April 30, 2025 and 2024, we did not identify any cybersecurity incidents that had a material impact on our operations, liquidity, or financial condition. We did observe routine scanning, phishing attempts, and minor technical vulnerabilities, all of which were mitigated without operational disruption or data loss. While no material incidents have occurred, we cannot guarantee that future incidents will not materially affect our company, especially as we expand digital product features, enter new geographic markets, and integrate with third-party systems. Additional information about cybersecurity risks we face is discussed in Item 1A of Part I, “Risk Factors,” under the headings “Failure of our information systems or those of third parties or breaches of data security could cause significant harm to our business” and “Cybersecurity breaches of our systems and information technology could adversely impact our ability to operate or meet contractual obligations,” which should be read in conjunction with the information above.

Company Information