NightFood Holdings, Inc. 10-K Cybersecurity GRC - 2025-10-14

Page last updated on October 14, 2025

NightFood Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-10-14 09:55:11 EDT.

Filings

10-K filed on 2025-10-14

NightFood Holdings, Inc. filed a 10-K at 2025-10-14 09:55:11 EDT
Accession Number: 0001493152-25-017958

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We rely on the integrity and availability of our information technology (“IT”) systems, as well as those of certain third-party service providers, to support our operations and safeguard sensitive information. These systems may store or process confidential business data, intellectual property, financial records, and personal information. Most of our robots leverage on-site servers, which provides greater control over data and reduces reliance on overseas or manufacturer-hosted servers often used by other robotics companies. We believe this approach enhances system security and protects sensitive operational and customer information. We maintain security measures intended to protect against cybersecurity threats; however, no system is entirely free from risk. To date, we have not experienced any material cybersecurity incidents. We monitor applicable U.S. data privacy and cybersecurity standards and will continue to prioritize cybersecurity as a core element of our operations. Governance and Oversight Oversight of cybersecurity risk currently rests with department managers, who are responsible for monitoring IT systems, addressing potential risks, and reporting issues directly to senior management. At this stage, the Company has not established formal Board-level committees dedicated to cybersecurity; however, management, led by our Chief Executive Officer, President, Subsidiary Chief Executive Officers and Chairman, oversees day-to-day cybersecurity operations and engages external specialists as needed. The Company recognizes the importance of cybersecurity governance and intends to formalize oversight structures, including establishing Board-level committees, in the near future as our operations expand. Risk Management Approach We have implemented, and continue to enhance, a cybersecurity risk management program designed to identify, assess, and mitigate threats to our systems and data. Current measures include: ● Use of firewalls, antivirus and endpoint protection tools, and restricted access to critical systems; ● Multi-factor authentication for select systems and administrative users; ● Employee training programs focused on phishing awareness and data security practices; ● Incident response procedures to detect, contain, and remediate security events; and ● Engagement of third-party providers to conduct vulnerability testing and supplement technical expertise where internal resources are limited. We are in the process of expanding our policies and procedures to better align with recognized security standards and improve documentation of our cybersecurity framework. We acknowledge that, given our size and available resources, the maturity of our program may be more limited than that of larger organizations. Third-Party Vendor Risk A significant portion of our data storage, communications, and operational systems are hosted or managed by third-party vendors. While we perform diligence and require certain contractual security obligations, we do not directly control these external systems. As a result, our operations may be impacted by cybersecurity vulnerabilities or incidents affecting our vendors. Incident History To date, we are not aware of any cybersecurity incidents that have had a material adverse effect on our operations, business, results of operations, or financial condition. We have, however, experienced routine attempted phishing attacks, malware probes, and other common malicious activity. These attempts have been contained without material impact. Potential Risks Cybersecurity threats, if realized, could disrupt operations, compromise sensitive data, damage our reputation, subject us to regulatory investigations or penalties, and result in significant financial losses. While we maintain processes and controls designed to prevent or mitigate such risks, no system can provide absolute assurance. Future Enhancements We are committed to strengthening our cybersecurity posture as our operations expand. Planned initiatives include enhancing continuous monitoring capabilities, expanding multi-factor authentication to additional systems, improving vendor oversight, and formalizing Board-level oversight of cybersecurity through dedicated committees. These steps are intended to align our practices more closely with recognized industry standards and support long-term resilience.

Company Information