eXp World Holdings, Inc. 10-K Cybersecurity GRC - 2026-02-24

Page last updated on February 24, 2026

eXp World Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-24 16:25:04 EST.

Filings

10-K filed on 2026-02-24

eXp World Holdings, Inc. filed a 10-K at 2026-02-24 16:25:04 EST
Accession Number: 0001104659-26-019145

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY The Company maintains a cybersecurity program designed to identify, assess, and manage material risks from cybersecurity threats across all business segments. Our cybersecurity program considers cybersecurity risks alongside other company risks as part of our overall enterprise risk assessment process, and shares common methodologies, reporting channels and governance processes that apply to other risks impacting the company, such as regulatory, financial and operational risks. Each reporting segment is responsible for monitoring and responding to risks within its operations, supported by annual training, standardized controls, and companywide policies. The Company engages third-party consultants and technology providers to test and evaluate its security posture, provide independent assessments, and support remediation efforts. The Company also assesses cybersecurity risks presented by key suppliers and service providers , document their security posture through internal tools, and in certain cases requires third party audit reports or contractual notification of security incidents. Daily monitoring and incident response activities are carried out by IT staff, with escalation protocols to the Company's Chief Technology Officer ("CTO") and Chief Executive Officer (CEO) as appropriate. FrameVR.io maintains its own cybersecurity program in consultation with the CTO. The Company has processes in place to log, track, and remediate incidents, and to coordinate responses across reporting segments. To date, the Company has not identified any cybersecurity threats or incidents that have had, or are reasonably likely to have, a material effect on the Company's business strategy, financial condition, or results of operations. Oversight of risks from cybersecurity threats is provided by the Board through the Board's Nominating and Corporate Governance Committee , which receives quarterly reports from the CTO on emerging threats, program initiatives, regulatory compliance, and any incident activity. The CTO, in coordination with IT team members and legal team support segment leaders, ensures that significant developments are escalated to the Board, and the CEO retains ultimate responsibility for the Company's cybersecurity risk management. The CEO has over 25 years of technology leadership experience. The CEO also holds a degree in Economics and Computer Science from the University of Oklahoma, which supports his ability to align technology initiatives with strategic business goals. The CTO has over 20 years of experience leading digital product and technology teams with a focus on delivering innovative software solutions that have served millions of consumers globally and internal enterprise groups. She drives business transformation through secure, scalable platforms focused on software reliability, user experience, data integrity, and system architecture. She has extensive experience in dealing with system security implementations, data architectures, risk mitigation and system protections. She holds a Master of Business Administration, with a specialty in Executive Leadership, from Royal Roads University and undergraduate degrees from Queen's University and the University of British Columbia .

Company Information