Glimpse Group, Inc. 10-K Cybersecurity GRC - 2025-09-29

Page last updated on September 29, 2025

Glimpse Group, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-09-29 17:30:50 EDT.

Filings

10-K filed on 2025-09-29

Glimpse Group, Inc. filed a 10-K at 2025-09-29 17:30:50 EDT
Accession Number: 0001493152-25-016073

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy Our cybersecurity risk management program is intended to protect the confidentiality, integrity , and availability of our critical IT systems, information and IP. Cybersecurity risks are among the risks evaluated and considered by, our broader enterprise risk management program, which is designed to identify, assess, prioritize and mitigate risks across the organization to enhance our resilience and support the achievement of our strategic objectives. Our cybersecurity risk management program is led by our Director of Information Technology, who is principally responsible for managing our cybersecurity risk assessment processes, our security controls, and our detection and response to cybersecurity incidents. Our program includes protocols for preventing, detecting and responding to cybersecurity incidents, and cross-functional coordination, and planning for business continuity and disaster recovery. We rely on our information security management system supported by a set of policies based upon industry frameworks, including the NIST Cybersecurity Framework. This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use the NIST CSF as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. Our cybersecurity risk management program includes: ● Risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment. ● Security team principally responsible for managing (i) our cybersecurity risk assessment processes, (ii) our security controls, and (iii) our response to cybersecurity incidents; ● The use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls. ● Cybersecurity awareness training of our employees, incident response personnel, and senior management. ● Cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents. ● Third-party risk management process for service providers, suppliers, and vendors. We also have a cybersecurity incident response plan for the CIRT to assess and manage cybersecurity incidents, which includes escalation procedures based on the nature and severity of the incident including, where appropriate, escalation to our board of directors. As part of our overall risk mitigation strategy, we maintain insurance coverage that is intended to address certain aspects of cybersecurity risks; however, such insurance may not be sufficient in type or amount to cover us against claims related to cybersecurity breaches, cyberattacks and other related breaches. As of the date of this Report, we do no t believe that any risks from cybersecurity threats, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. Despite our security measures, however, there can be no assurance that we, or third parties with which we interact, will not experience a cybersecurity incident in the future that will materially affect us. 25 Governance Our board of directors has primary responsibility for oversight of our cybersecurity and other information technology risks, including our plans to mitigate cybersecurity risks and to respond to data breaches. Our board of directors receives reports from our Director of Information Technology on cybersecurity matters on as needed basis. These reports can include a range of topics, including our cybersecurity risk profile, the current cybersecurity and emerging threat landscape, the status of ongoing cybersecurity initiatives, incident reports, and the results of internal and external assessments of our information systems. The Audit Committee of our board of directors (the “Audit Committee”) also annually reviews the adequacy and effectiveness of our information and technology security policies and the internal controls regarding information and technology security and cybersecurity, and periodically receives updates. The Chair of the Audit Committee reports to the full board of directors on these discussions as appropriate. At the management level, our Director of Information Technology who is experienced in cybersecurity matters, leads our enterprise-wide cybersecurity program, and is responsible for assessing and managing our materials risks from cybersecurity threats. In performing his role, our Director of Information Technology is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through the management of, and participation in, the cybersecurity risk management program and other processes described above, including the maintenance and execution of our cyber incident response plan. Our Director of Information Technology reports to our Chief Financial Officer/Chief Operating Officer and to our Chief Executive Officer.

Company Information