AEP Texas Inc. 10-K Cybersecurity GRC - 2026-02-12

Page last updated on February 12, 2026

AEP Texas Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-12 10:12:43 EST.

Filings

10-K filed on 2026-02-12

AEP Texas Inc. filed a 10-K at 2026-02-12 10:12:43 EST
Accession Number: 0000004904-26-000013

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity is a critical component of AEP's risk management framework. As an electric utility operating critical infrastructure, AEP is subject to mandatory requirements under applicable federal, state, and industry standards. AEP maintains a risk-based cybersecurity program designed to protect the confidentiality, integrity, and availability of its information technology, operational technology, and critical infrastructure assets. Cybersecurity Risk Management and Strategy AEP's cybersecurity risk management program is designed to identify, assess, and manage risks from cybersecurity threats, including those posed by third parties. The program incorporates a defense-in-depth approach, leverages partnerships with government and peers to assess the evolving threats and aligns with recognized industry standards and regulatory requirements applicable to electric utilities. Key elements of AEP's cybersecurity program include, among others: - Continuous monitoring and detection of cyber threats; - Vulnerability assessments and penetration testing; - Incident response planning and exercises; - Business continuity and disaster recovery planning; - Security awareness training, including advanced phishing simulations; - Third-party risk management, including vendor due diligence and contractual controls ; - Cybersecurity insurance coverage. AEP regularly evaluates and updates its cybersecurity controls, processes, and technologies in response to the evolving threat landscape and regulatory developments. We leverage both internal expertise and external partners to assist with assessments, testing, and program maturity evaluations. Governance and Oversight AEP's Board of Directors , through the Technology Committee, oversees the cybersecurity program and our approach to cyber risk management. The Technology Committee receives periodic updates from management regarding cybersecurity risks, the threat environment, and the status of AEP's security programs, including significant incidents, if any. Management's Role and Expertise Management is responsible for implementing and maintaining AEP's cybersecurity programs. Day-to-day oversight is led by AEP's Senior Vice President (SVP) of Enterprise Security, Resilience, and National Security Policy who reports to AEP's Chief Executive Officer. The SVP for Enterprise Security, Resilience, and National Security Policy has expertise in electricity sector risk management, critical infrastructure protection, cybersecurity, and incident response. This individual also oversees and leads AEP's engagements with Federal agencies on cybersecurity and physical security threat information sharing and 31 partnerships with the Department of Homeland Security, Federal Bureau of Investigation, Department of Energy, and the intelligence community. The SVP for Enterprise Security, Resilience, and National Security Policy also works closely with AEP's Chief Information Officer, Generation, Transmission, and Distribution operations leadership, along with legal, compliance, internal audit, and business resilience to help ensure cybersecurity risks are identified, assessed, and managed across the enterprise. Management also provides relevant cybersecurity updates to the Audit Committee . AEP has not identified any cybersecurity incidents that have materially affected or are reasonably likely to materially affect its business strategy, results of operations, or financial condition. 32

Company Information