Noble Corp plc 10-K Cybersecurity GRC - 2026-02-12

Page last updated on February 12, 2026

Noble Corp plc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-12 13:43:55 EST.

Filings

10-K filed on 2026-02-12

Noble Corp plc filed a 10-K at 2026-02-12 13:43:55 EST
Accession Number: 0001895262-26-000076

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cyber Security. Risk Management and Strategy Cyber security risk management at Noble, along with other enterprise risks, is part of the Company's Enterprise Risk Management Program. Risks arising from cyber security threats are assessed, identified, and managed by our Information Security Team , which reports to the Chief Information Officer ("CIO"). The Information Security Team is composed of the Director of Information Security, managers, and security analysts. The Information Security Team is responsible for all of Noble's cyber security-related activities such as advising on governance requirements, establishing cyber security policies, standards, and procedures, reporting on cyber security matters, determining risk appetite, setting security posture, evaluating security maturity, and supporting compliance with applicable cyber security frameworks. The team monitors both internal and external cyber security threats, including potential compromising internet-based attacks and phishing activities, and aims to implement and adapt protective measures as appropriate. The Director of Information Security and information security managers carry broad manager level cyber security certifications, and the technical teams carry relevant specific technical certifications related to both information technology and operational technology security. Noble's cyber security program includes mandatory cyber security training and awareness activities, phishing exercises, and incident response plan testing, which are designed to support our cyber security risk management efforts and to assess whether various applicable implemented cyber security controls are operating as intended. Noble works with various third-party service providers to help execute and advise on cyber security and conduct maturity assessments as needed. Noble maintains processes to monitor all third parties with direct access into the Noble network through various implemented security tools that provide both detective and preventive controls. Such third parties are also subject to procurement processes and specific legal terms and conditions. Noble also engages with various third-party service providers in order to share intelligence regarding external threats. For any cyber security incidents, Noble may engage applicable third-party service providers to support with forensic investigations and incident response activities. In the last fiscal year, Noble has not identified any known cyber security threats, incidents, or exposures that have materially affected Noble's business strategy, results of operations, or financial condition, but Noble faces certain ongoing cyber security risks that, if realized, could materially and adversely affect Noble. This does not guarantee that future cyber security incidents or threats will not have a material impact or that we are not currently subject to an undetected cyber security incident or threat that may have such an impact. Potential cyber security risks to Noble are described in Part I, Item 1A, "Risk Factors," which should be read in conjunction with the foregoing information. Governance The Audit Committee of the Board provides oversight of the Company's cyber security program. The Information Security Team keeps management informed about cyber security initiatives, threats, incidents, training, and best practices on an on-going basis via circulated memos or meetings. In addition to reporting through the Audit Committee and Enterprise Risk Management Program, the Board may periodically include cyber security as a standalone agenda item and may engage with the CIO and Information Security Team as well as external experts on cyber security threats. The Information Security Team advises the CIO via reports on prevention, detection, mitigation, and remediation of cyber security threats. The CIO is responsible for the Information Security Team's risk strategy, assessment, exceptions, risk acceptance, and management of the Company's material cyber security risks. Ongoing assessments cover applicable information technology and operations technology systems, applications, and software used to support Noble's corporate and rig operations. The outcomes of these various assessments inform the IT risk appetite and risk identification, and are discussed and shared with the CIO, executive management, the Audit Committee, and the Board of Directors. The CIO has extensive cyber security knowledge and skills gained from over ten years of relevant work experience at Noble including two years as Deputy CIO as well as Director, IT prior to the merger with The Drilling Company of 1972 A/S, a 35 Danish public limited liability company ("Maersk Drilling") with responsibility for cyber security. The CIO has multiple years of experience managing OT data and secure remote access for data management on and offshore. Prior to serving as Director, IT the CIO was the Manager, Business Systems responsible for application management and Enterprise Architecture. The Information Security Team advises the CIO on prevention, detection, mitigation, and remediation of cyber security incidents.

Company Information