Triller Group Inc. 10-K Cybersecurity GRC - 2026-01-26

Page last updated on February 4, 2026

Triller Group Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-01-26 11:36:10 EST.

Filings

10-K filed on 2026-01-26

Triller Group Inc. filed a 10-K at 2026-01-26 11:36:10 EST
Accession Number: 0001213900-26-007545

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity Risk Management and Strategy We identify and assess material risks from cybersecurity threats to our information systems and the information residing in our information systems by monitoring and evaluating our threat environment on an ongoing basis using various methods including, for example, using manual and automated tools, subscribing to reports and services that identify cybersecurity threats, analyzing reports of threats and threat actors, conducting scans of the threat environment, and conducting risk assessments. We manage material risks from cybersecurity threats to our information systems and the information residing in our information systems through various processes and procedures, including, depending on the environment, risk assessments, incident detection and response, vulnerability management, disaster recovery and business continuity plans, internal controls within our accounting and financial reporting functions, encryption of data, network security controls, access controls, physical security, asset management, systems monitoring, and employee training. We engage third-party service providers to provide some of the resources used in our information systems and some third-party service providers have access to information residing in our information systems. With respect to such third parties, we seek to engage reliable, reputable service providers that maintain cybersecurity programs. Depending on the nature and extent of the services provided, the sensitivity and quantity of information processed, and the identity of the service provider, our processes may include conducting due diligence on the cybersecurity practices of such provider and contractually imposing cybersecurity related obligations on the provider. 91 The development and operation of Triller's Technology Platform is subject to physical, technological, security and other risks which may result in interruption in service or reduced capacity. These risks include physical damage, power loss, telecommunications failure, capacity limitation, hardware or software failures or defects and breaches of physical and cybersecurity by computer viruses, system break-ins or otherwise. An increase in the volume of usage of Triller's Technology Platform could strain the capacity of the software and hardware employed to prevent and identify such failures, breaches and attacks, which could result in slower response time or system failures. In particular, Triller's industry has witnessed an increase in the number, intensity and sophistication of cybersecurity incidents caused by hackers and other malicious actors such as foreign governments, criminals, hacktivists, terrorists and insider threats. Hackers and other malicious actors may be able to penetrate Triller's network security and misappropriate or compromise Triller's confidential, sensitive, personal or proprietary information, or that of third parties, and engage in the unauthorized use or dissemination of such information. They may be able to create system disruptions, or cause shutdowns. Hackers and other malicious actors may be able to develop and deploy viruses, worms, ransomware and other malicious software programs that attack Triller's products or otherwise exploit any security vulnerabilities of Triller's systems. In addition, sophisticated hardware and operating system software and applications that Triller procures from third parties may contain defects in design or manufacture, including "bugs," cybersecurity vulnerabilities and other problems that could unexpectedly interfere with the operation or security of its systems. For example, in 2022, as a result of a bug introduced in the application, Triller estimated that potentially 504 accounts may have been compromised. Cybersecurity Governance Our Board of Directors holds oversight responsibility over Triller's risk management and strategy, including material risks related to cybersecurity threats. This oversight is executed directly by our board of directors and through its committees. Our audit committee oversees the management of Triller's major financial risk exposures, the steps management has taken to monitor and control such exposures, and the process by which risk assessment and management is undertaken and handled, which would include cybersecurity risks, in accordance with its charter. The audit committee holds regular meetings and receives periodic reports from management regarding risk management, including major financial risk exposures from cybersecurity threats or incidents. Within management, the Group Chief Information Officer of our business units are primarily responsible for assessing and managing our material risks from cybersecurity threats on a day-to-day basis and keep the senior executive officers informed on a regular basis of the identification, assessment, and management of cybersecurity risks and of any cybersecurity incidents. Such management personnel have prior experience and training in managing information systems and cybersecurity matters and participate in ongoing training programs. As of the date hereof, the Company has not encountered cybersecurity incidents that the Company believes to have been material to the Company taken as a whole.

Company Information