Envista Holdings Corp 10-K Cybersecurity GRC - 2026-02-12

Page last updated on February 12, 2026

Envista Holdings Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-12 16:18:39 EST.

Filings

10-K filed on 2026-02-12

Envista Holdings Corp filed a 10-K at 2026-02-12 16:18:39 EST
Accession Number: 0001757073-26-000011


Item 1C. Cybersecurity.

Risk Management and Strategy

We are committed to taking action to protect our information assets and systems. We have an enterprise-wide information security program designed to identify, protect against, detect, respond to, and manage reasonably foreseeable cybersecurity risks and threats, including those associated with our use of third-party service providers. We have installed privacy and security protection systems and devices on our network to assist in the prevention of cyberthreats and other unauthorized access to information.

Additionally, we maintain processes designed to identify, assess, and manage cybersecurity risks associated with third-party service providers, based on the nature of the services provided and their access to our systems or data. These processes include risk-based due diligence, contractual cybersecurity requirements for certain providers, and periodic oversight of third parties that present heightened cybersecurity risk. Cybersecurity risks associated with third-party service providers are considered as part of our broader cybersecurity risk management program.

We have adopted an Information Security Policy applicable to all of our employees and business partners. We provide security awareness education and training for our employees annually, conduct regular phishing testing with remedial training for those who fail the tests, and publish internal alerts to highlight any emerging or urgent security threats.

We also maintain a Global Security Incident Response Plan ("GSIRP") to guide our response in the event of a cyberattack or other form of network penetration. Our GSIRP is a cross-functional plan that documents the details and decision-making processes required during a response to a security incident, as well as the reporting protocol with escalation timelines and responsibilities. We test our GSIRP with tabletop exercises administered by a third-party security consultant.

We leverage the standards set by the National Institute of Standards and Technology ("NIST") Cybersecurity Framework as well as industry best practices to measure our security posture and manage risk. We also maintain cyber liability insurance to help mitigate potential liabilities resulting from cyber issues, although our insurer may deny coverage for a future claim or our insurance coverage may be insufficient to cover all losses from a cyberattack.

We evaluate and manage risks relating to cybersecurity as part of our overall enterprise risk management program. We perform an annual assessment across the Company to identify and review potential risks. Risks are prioritized based on threat models to improve cybersecurity throughout the Company.

Cybersecurity Governance

Our Global Head of Information Security & Governance, Risk Management, and Compliance ("GRC") reports to our Chief Information Officer and is responsible for leading our enterprise-wide information security team. The team focuses on developing and implementing strategies, processes and response plans to protect the confidentiality, integrity, and availability of our assets. Our Global Head of Information Security & GRC has prior experience as a chief information security officer and over 25 years of experience in technology and security. Our security team also includes members who maintain industry security certificates. Our team is additionally supported by our managed service provider and other third parties to assist in the operations of our program, compliance audits and security penetration testing.

Our Board of Directors oversees our enterprise risk management program. The Audit Committee of our Board of Directors has the responsibility of exercising oversight with respect to our cybersecurity risk management and risk controls.

Our Chief Information Officer provides periodic reports to the Audit Committee regarding our cybersecurity program, including our information risk management and oversight, security education and training, cyber threat detection and response processes, relevant internal and industry cybersecurity attacks, and updates on emerging technologies, including artificial intelligence. The Board also receives a report on cybersecurity issues and governance at least annually, with periodic updates as needed. Board members receive periodic presentations on cybersecurity topics from our Chief Information Officer and external experts as part of the Board's continuing education on topics that impact public companies.

Material Cybersecurity Risks, Threats, and Incidents

Like most multinational corporations, our information technology systems have been subject to computer viruses, malicious codes, unauthorized access and other cyberattacks, and we expect the sophistication and frequency of such attacks to continue to increase. To date, no attempted cyberattack or other attempted intrusion on our information technology networks has resulted in a material adverse impact on our business strategy, results of operations or financial condition. There can be no assurance that future incidents will not materially affect us, including our business strategy, results of operations or financial condition. Please refer to "Item 1A. Risk Factors-Risks Related to Our Business" for further detail about the material cybersecurity risks we face.


Company Information

Name: Envista Holdings Corp
CIK: 0001757073
SIC Description: Dental Equipment & Supplies
Ticker: NVST - NYSE
Website:
Category: Large accelerated filer
Fiscal Year End: December 31