i-80 Gold Corp. 10-K Cybersecurity GRC - 2026-02-19

Page last updated on February 19, 2026

i-80 Gold Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-19 17:22:50 EST.

Filings

10-K filed on 2026-02-19

i-80 Gold Corp. filed a 10-K at 2026-02-19 17:22:50 EST
Accession Number: 0001628280-26-009886

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy Overview Protecting the information systems, assets, data, and communication infrastructure is critical to the Company's operations. Consequently, cybersecurity is prioritized through the implementation of a comprehensive cybersecurity risk management program that is managed by the executive team leadership in conjunction with the IT Department and falls within the boundaries of the overall organization risk management program. Key Principles of the Cybersecurity Risk Management Program: - Risk Management - a proactive approach to identifying and mitigating risks to protect the organization's assets and integrity through third party assessments, internal assessments and global cybersecurity threat analysis. - Defense Strategy - adopts a robust defense approach to protect systems from potential threats, including an assumption of breach mindset. - Zero-Trust Architecture - implements a zero-trust philosophy, ensuring that no entity is inherently trusted without verification. - Least Privileged Access - employ strict identity and access management principles to limit user access based on necessity. - Mitigation and Management of Incidents or Disasters - our risk management program includes policies and procedures for incident response and mitigation. Key Components of the Cybersecurity Program: - Ongoing Detecting and Monitoring - Continuous surveillance of networks to identify threats and intrusions in real-time. - Vulnerability Assessment - Regular assessments conducted by both internal teams and external partners to identify system vulnerabilities. - Employee Training - Regular cybersecurity training and awareness campaigns are undertaken to equip employees with the knowledge needed to mitigate risks. - IT Leadership - The IT Department leads the implementation of the cybersecurity risk management program, ensuring adherence to Company and regulatory standards. Compliance Framework The cybersecurity program aligns with the National Institute of Standards and Technology's Cybersecurity Framework. The IT Department, in collaboration with external vendors, diligently works to detect vulnerabilities, identify compromised devices, and maintain compliance across the organization's IT systems. External Engagement The Company engages with third-party organizations to conduct regular assessments of compliance, controls, and overall risk management strategies, ensuring a comprehensive approach to cybersecurity. Quarterly vulnerability assessments are performed on external and internal systems, as well as a larger annual audit of system security and compliance. Responsibility and Communication The Company promotes a culture where cybersecurity awareness is recognized as everyone's responsibility. Regular communications about cybersecurity risk mitigation and intrusion prevention measures are shared with senior management and the Board of i-80. Incident History The Company has not experienced any cybersecurity incidents during the year ended December 31, 2025, or in any prior year that resulted in interruptions to normal business operations or breaches of systems. Governance Structure Board and Management Oversight - The Company is confident that any material cybersecurity threats will be brought to the attention of the Board, as the Senior Management Team includes the affirmative responsibility to periodically review risk assessments from management with respect to cybersecurity, including assessments of the overall threat landscape and related strategies and investments. One way in which the Senior Management Team fulfills that requirement is by receiving regular reports from the IT Director on not only known cybersecurity threats or incidents (including related risk assessments), but the landscape more generally, including with respect to known threats, technological advancements, best practices and current events. Management regularly reviews cyber security planning, including development and management of the program, budgeting, and participation in the incident response plan. The senior management team involved in this review includes our CEO, Chief Financial Officer ("CFO"), and the Director of IT . These reviews can also provide topics for discussion at Board and/or Audit Committee meetings. The Director of IT has a master's degree in management information systems and over 28 years of experience. The fully staffed department includes a third-party resource dedicated to cybersecurity who monitors our threat detection and response tools for any attempted or successful hacks or other incursions into our IT environment, both externally and internally. These are reviewed and mitigated where appropriate, and escalated, if necessary, via the processes noted above. 25

Company Information