Tilray Brands, Inc. 10-K Cybersecurity GRC - 2025-07-28

Page last updated on July 29, 2025

Tilray Brands, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-07-28 19:22:54 EDT.

Filings

10-K filed on 2025-07-28

Tilray Brands, Inc. filed a 10-K at 2025-07-28 19:22:54 EDT
Accession Number: 0001437749-25-023703

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity risk, management, and strategy Tilray recognizes that cybersecurity is critical to protecting our systems, data, and operations. We are committed to addressing the significant risks posed by cyber threats by proactively managing the evolving landscape through a comprehensive, enterprise wide approach. Our enterprise risk management framework considers cybersecurity risk alongside other company risks as part of our overall risk assessment process and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management framework to other legal, compliance, operational, and financial risk areas. The Company is committed to maintaining robust processes to assess, identify and mitigate material risks from cybersecurity threats and to protect against, detect and respond to cybersecurity incidents. Our business is subject to various cybersecurity risks, including but not limited to, unauthorized access to sensitive data, including customer information and medical information, disruption of operations or supply chain due to cyberattacks, theft or manipulation of intellectual property, such as proprietary strains or cultivation techniques, regulatory non-compliance resulting from cybersecurity breaches, including violations of data privacy laws. To address these risks, we have implemented a comprehensive cybersecurity program, which includes, regular risk assessments and vulnerability testing to identify and remediate potential weaknesses in our infrastructure, deployment of advanced access controls, encryption, and endpoint protection to safeguard sensitive data such as customer and medical information, mandatory annual cybersecurity training and awareness programs for all employees to reduce the risk of social engineering and phishing attacks, and continual monitoring and incident response protocols to detect, contain and respond to cybersecurity incidents in a timely and effective manner. We also have information security and data privacy policies and procedures in place applicable to our directors, officers, employees, contractors and suppliers. Third parties service providers also contribute to our overall cybersecurity. We engage third parties that are cybersecurity experts to support in the design, implementation and continuous improvement of our cybersecurity program. As of the date of this Form 10 -K, we do not believe any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. See “Item 1A. Risk Factors” for further information about these risks. Cybersecurity governance Cybersecurity is an important part of our risk management processes and is an area of focus for our Board, Chief Information Officer (“CIO”) whom reports directly to the Chief Executive Officer, and management team. Our CIO plays a pivotal role in assessing and managing material risks stemming from cybersecurity threats and is primarily responsible for the oversight of our overall cybersecurity risk management program, and coordinates with our external cybersecurity consultants. Additionally, given that cybersecurity risks can impact various areas of responsibility of the Committees of the Board, our Board of Directors oversees cybersecurity risk management and regularly reviews our cybersecurity strategy and initiatives. The Board receives quarterly and as needed updates on cybersecurity matters from the CIO and management on topics including threat landscape developments, incident response readiness, and program enhancements. Tilray is dedicated to maintaining a robust cybersecurity program to safeguard our assets, data, and stakeholders’ interests. We remain vigilant in our efforts to identify, assess, and mitigate cybersecurity risks and are committed to transparency and accountability in our cybersecurity disclosures. 36

Company Information