Polaris Inc. 10-K Cybersecurity GRC - 2026-02-13

Page last updated on February 13, 2026

Polaris Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-13 14:23:18 EST.

Filings

10-K filed on 2026-02-13

Polaris Inc. filed a 10-K at 2026-02-13 14:23:18 EST
Accession Number: 0001628280-26-008033

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management & Strategy. Polaris' has implemented a cybersecurity risk management program, which is part of Polaris' overall enterprise risk management program, that is designed to align with industry-standard cybersecurity frameworks, addressing both information security and product security, including connected vehicles, embedded systems, and related technologies. Polaris' cybersecurity risk management program is assessed against the NIST Cybersecurity Framework, which incorporates processes for each of the core functions (i.e., Identify, Protect, Detect, Respond, and Recover) to assess, manage, and mitigate risks from cybersecurity threats. Our cybersecurity risk management program also includes risk-based processes for managing third-party cybersecurity risks. The processes cover: conducting cybersecurity assessments of third-party service providers; incorporating cybersecurity obligations into contracts with third-party providers; and receiving and responding to notification of cybersecurity incidents of third-party service providers, among other things. Our cybersecurity team engages third-party security experts to assist with our processes for assessing, identifying, and managing risks from cybersecurity threats, including, for example, assessment of the maturity of our cybersecurity risk management program, penetration testing, employee awareness testing, phish testing, and incident monitoring and response, including conducting tabletop exercises. In 2025, Polaris did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats. For more information about these risks, please see "Risk Factors - Regulatory, Intellectual Property, Cybersecurity and Privacy Risks" in this Annual Report. Cybersecurity Governance. Our Senior Vice President and Chief Digital and Information Officer , who has 30 years of technology leadership, leads the Polaris cybersecurity risk management program. He is supported by a staff of cybersecurity professionals that includes personnel with a range of information and product security experience, from early-career professionals with cybersecurity degrees to seasoned professionals with multiple cybersecurity-related certifications and more than twenty years of experience. The Senior Vice President and Chief Digital and Information Officer receives reports from our cybersecurity team on the prevention, detection, mitigation, and remediation of cybersecurity incidents. Polaris maintains a cybersecurity council made up of senior executives across the business who meet regularly to receive updates from the Senior Vice President and Chief Digital and Information Officer and the cybersecurity team regarding our cybersecurity risks and risk management program; cybersecurity incidents and our response to them; and, as appropriate, developments in the external cybersecurity landscape, including learnings from external cybersecurity incidents. Our full Board of Directors provides oversight of our cybersecurity risk management program and receives updates on the program from the Senior Vice President and Chief Digital and Information Officer on a quarterly basis, or more frequently as appropriate. Those updates include information regarding our cybersecurity risks and risk management program; cybersecurity incidents and our response to them; and, as appropriate, developments in the external cybersecurity landscape, including any learnings from cybersecurity incidents.

Company Information