Vertical Data Inc. 10-K Cybersecurity GRC - 2025-12-29

Page last updated on December 29, 2025

Vertical Data Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-12-29 17:24:13 EST.

Filings

10-K filed on 2025-12-29

Vertical Data Inc. filed a 10-K at 2025-12-29 17:24:13 EST
Accession Number: 0001493152-25-029443

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Vertical Data Inc. recognizes the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. Risk Management and Strategy Managing Material Risks & Integrated Overall Risk Management Currently, Vertical data inc. does not have a formalized cybersecurity risk management process. However, the organization is working toward implementing a framework for assessing, identifying, and managing material risks from cybersecurity threats. A managed IT service provider continuously works to evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. This includes assessing cybersecurity risk as part of an overall risk assessment and considering the likelihood and potential consequences of each risk. Plans also include the identification of critical cybersecurity risks (e.g., malware, phishing, ransomware, and unauthorized access) and the implementation of formalized mitigants to address those risks such as cybersecurity policies and incident response strategy. Third-Party Risk Vertical Data Inc. does not currently engage with third parties in connection with cybersecurity risk management. Third-party consultants including cybersecurity auditors are being considered for future engagement, at which point any risks stemming from the use of third parties will be incorporated in the cybersecurity risk assessment. Risks from Cybersecurity Threats Vertical Data Inc. has not encountered any cybersecurity risks or incidents that have materially impacted our business strategy, operational results, or financial condition. We remain dedicated to maintaining a strong cybersecurity posture by continually analyzing and improving our security procedures to reduce potential risks. This approach to cybersecurity is critical for protecting sensitive information and guaranteeing the reliability of our business operations. Governance Board of Directors Oversight The Board of Directors is aware of the critical nature of managing risks associated with cybersecurity threats. The Board is committed to effective governance in managing risks associated with cybersecurity threats because we recognize the significance of these threats to our operational integrity and stakeholder confidence. The Board of Directors is informed of relevant cybersecurity risks and related updates during Board meetings by the CFO. There have been no critical, time sensitive cybersecurity updates thus far, but if this did occur it would be escalated to the Board immediately. Management's Role Managing Risk Within the management team, the responsibility for assessing and managing cybersecurity risk falls under the purview of the CFO. To that extent, the Company leverages his extensive experience and specialized skills. This collaboration significantly bolsters our overall cybersecurity stance, creating a well-rounded and robust defense against emerging threats. Monitoring Cybersecurity Incidents Vertical Data's IT Service Provider monitors cybersecurity events and logs for unusual activity or potential security breaches within the network. E-mail alerts are sent in real time as notification for any suspicious activity including phishing attempts, suspicious attachments, and other e-mail-related security concerns. The IT Service Provider also utilizes security tools to regularly conduct thorough scans of the network infrastructure. The tools help identify vulnerabilities, malware, and other potential threats, enabling a proactive measure to prevent and mitigate cybersecurity incidents. 9 Reporting to Board of Directors The CFO is responsible for escalation of pertinent cybersecurity risks to the board of directors. This includes briefings on existing threat scenarios, updates on incident response efforts, and recommendations for enhancing our cybersecurity stance.

Company Information