Forward Industries, Inc. 10-K Cybersecurity GRC - 2025-12-11

Page last updated on December 11, 2025

Forward Industries, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-12-11 16:22:56 EST.

Filings

10-K filed on 2025-12-11

Forward Industries, Inc. filed a 10-K at 2025-12-11 16:22:56 EST
Accession Number: 0001683168-25-009068

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We recognize the importance of developing, implementing and maintaining cybersecurity measures to safeguard our information and operational technologies and protect the confidentiality, integrity and availability of our data. Our business is dependent upon our computer systems, devices, software and networks to collect, process and store the data necessary to conduct almost all aspects of our business. We have designed our cybersecurity procedures based on the National Institute of Standards and Technology Cybersecurity Framework ("NIST CSF"). We have used NIST CSF as a guide to help identify, assess and manage cybersecurity risks relative to our business, but this does not imply that our cybersecurity program meets any particular technical standard, specification or requirement. 28 We have processes in place to assess, identify, manage and address material cybersecurity threats and incidents. These include, among other things, annual and ongoing security awareness training for employees, mechanisms to detect and monitor unusual network activity, use of encryption and authentication technologies, penetration testing and containment and incident response tools. We regularly assess risks from cybersecurity and technology threats and monitor our information systems for potential vulnerabilities. We maintain an incident response plan with a cross-functional team comprised of members of the information technology department, senior management and other appropriate individuals. The team is responsible for assessing and managing the cybersecurity incident response process and taking necessary corrective actions to mitigate and/or eliminate any issues. In connection with our new digital asset treasury strategy, we intend to appoint a Chief Information Security Officer in Fiscal 2026. Our control over the security posture of and ability to monitor the cybersecurity practices of third-party vendors and service providers, including Galaxy Digital and any digital asset custodians, exchanges, or validators we utilize, is limited and there can be no assurance that we can prevent, mitigate or remediate the risk of any compromise or failure in the cybersecurity infrastructure owned or controlled by third parties. Given our significant digital asset holdings, any cybersecurity breach affecting our third-party service providers could have a material adverse effect on our business, financial condition, and results of operations. As of the filing date of this Annual Report on Form 10-K, we are not aware of any cybersecurity incidents that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats or incidents or provide assurances that we have not experienced an undetected cybersecurity incident. For more information about these risks, see "Item 1A - Risk Factors." Governance Our Board of Directors has overall responsibility for the oversight of risk management, including cybersecurity risks. The Board of Directors receives periodic briefings on cybersecurity matters, including key risks to the Company, recent developments and risk mitigation activities from management. Our information technology team is responsible for assessing and maintaining our cybersecurity risk management program and may engage third-party experts on an as-needed basis for risk assessment and system enhancements. Our information technology team are experienced information systems security professionals with many years of experience in the information technology field and various degrees and cybersecurity-related certifications.

Company Information