Damon Inc. 10-K Cybersecurity GRC - 2025-09-29

Page last updated on September 30, 2025

Damon Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-09-29 18:14:33 EDT.

Filings

10-K filed on 2025-09-29

Damon Inc. filed a 10-K at 2025-09-29 18:14:33 EDT
Accession Number: 0001213900-25-093259

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C: CYBERSECURITY AND RISK MANAGEMENT Risk Management and Strategy Damon maintains a cyber risk management program integrated into its overall enterprise risk management framework. The program is designed to identify, assess, manage, mitigate, and respond to cybersecurity threats and applies to the Company’s systems, hardware, software, data, people, and processes. Our program is based on recognized standards and best practices, including the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework (CSF) and processes supporting EU General Data Protection Regulation (“GDPR”) requirements. Annual Third-Party Assessments : Damon engages an independent cybersecurity specialist each year to assess its cyber risk management program against the NIST CSF. The annual assessment identifies, quantifies, and prioritizes material risks. In conjunction with third-party advisors, Damon develops and executes mitigation and remediation plans to address identified vulnerabilities. Internal Policies and Procedures : Damon maintains policies governing information security, acceptable use, access and identity management, change management, data backup and recovery, and incident response. External Partnerships : Damon leverages industry-recognized cybersecurity providers and consultants to support ongoing activities such as vulnerability testing, monitoring, identity access management, data protection, encryption, user awareness training, and incident response advisory. Third-Party Risk Management : Damon has implemented a structured program to manage risks associated with vendors, service providers, and other third parties. Key elements include: risk assessments during vendor onboarding and selection; annual review of SOC 1 reports for critical service providers; and regular review of vendor contracts and compliance with service level agreements. These processes are designed to reduce the likelihood of service disruptions or cybersecurity incidents arising from reliance on third parties. Governance and Management’s Role Oversight of Damon’s cybersecurity risk management program rests with the Vice President of IT Operations, who has more than 25 years of experience in information technology and information security. The VP, supported by third-party specialists, is responsible for: a. Program administration. b. Reporting to senior management and stakeholders on prevention, detection, mitigation, and remediation activities. c. Integrating intelligence from governmental, public, and private sources into strategic decision-making. Board Oversight The Audit Committee of the Board of Directors oversees Damon’s cybersecurity risk exposures and monitors management’s risk mitigation efforts. Cybersecurity stakeholders, including management and external consultants, provide regular briefings to the Audit Committee on vulnerabilities, incident response readiness, program effectiveness, and the evolving threat landscape. The full Board reviews cybersecurity risks at least annually as part of the Company’s corporate risk oversight processes. Material Risks and Impact Damon acknowledges that cybersecurity threats represent a potential material risk to its business operations, financial condition, and reputation. Damon has experienced cybersecurity incidents in the past; however, none have had a material adverse effect on the Company’s results of operations, financial condition, or cash flows. 64 However, given the evolving threat landscape, Damon recognizes that a future incident could have a material impact despite existing safeguards. To mitigate such risks, Damon has implemented a formal incident response plan, established processes for prevention, detection, and remediation of cyber threats, and committed to continuous enhancement of cybersecurity controls and monitoring capabilities. Additionally, Damon acknowledges that regulatory requirements regarding cybersecurity, including mandatory incident reporting and disclosure obligations, are increasing. Compliance with these regulations may subject the Company to additional costs, liabilities, or reputational impact. Damon monitors developments in cybersecurity regulation and adjusts its policies and controls accordingly.

Company Information