KURA SUSHI USA, INC. 10-K Cybersecurity GRC - 2025-11-06

Page last updated on November 6, 2025

KURA SUSHI USA, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-11-06 16:35:40 EST.

Filings

10-K filed on 2025-11-06

KURA SUSHI USA, INC. filed a 10-K at 2025-11-06 16:35:40 EST
Accession Number: 0001193125-25-269773

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurit y Risk Management and Strategy Our cybersecurity risk management program is designed to monitor and control cybersecurity risk exposure, response, mitigation and protect the confidentiality, integrity and availability of our critical systems and information. Our cybersecurity policies and processes are fully integrated into the Company's Enterprise Risk Management program. Our cybersecurity program is based on industry recognized best practices, including the ISO 27001 Information Security, Cybersecurity and Privacy protection international best practice standards. Our cybersecurity risk management program includes: - Ongoing risk assessments to help identify material cybersecurity risks to our critical systems and information by performing regular scans of our environment, assessing incident trends, internal assessments and engaging third parties to assess the effectiveness of our cybersecurity practices; - The use of external service providers, where appropriate, to monitor, identify, assess, test and remediate, or otherwise assist with aspects of our security controls; - Mandatory cybersecurity awareness training for employees and simulated phishing attacks; - A disaster recovery and business-continuity plan and controls designed to protect against business interruption, including the backing up of our critical systems; - A cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents, internal reporting to management and the board of directors; - Cybersecurity insurance which is assessed annually; and - Risk management process for service providers, suppliers, and vendors. Cybersecurity risks are monitored on an ongoing basis, and the security program and practices are adjusted as necessary. We are not currently aware of risks from known cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. Cybersecurity Governance Our board of directors considers cybersecurity risk as part of its risk oversight function and oversees management's implementation of our cybersecurity risk management program, including the steps taken to monitor, minimize or control such risks or exposures. The board of directors receives quarterly reports from management regarding the status of the cybersecurity risk management program, current activities, planned projects, and security assessments. In addition, management will update the board of directors, as necessary, regarding any significant cybersecurity incidents that we may experience. Our management team is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our external cybersecurity consultants. Our cybersecurity risk management team is led by our VP IT Security Compliance and our Head of IT . These individuals have collectively over 50 years of experience in both restaurant and technology sectors and have held technology leadership roles at national restaurant companies. Additional information on cybersecurity risks is discussed in Part I, Item 1A, "Risk Factors," under the heading "We rely significantly on information technology and cybersecurity, and any material failure, weakness, interruption or breach of security could prevent us from effectively operating our business." 34

Company Information