ROPER TECHNOLOGIES INC 10-K Cybersecurity GRC - 2026-02-24

Page last updated on February 24, 2026

ROPER TECHNOLOGIES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-24 17:25:37 EST.

Filings

10-K filed on 2026-02-24

ROPER TECHNOLOGIES INC filed a 10-K at 2026-02-24 17:25:37 EST
Accession Number: 0000882835-26-000009

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Roper's Cybersecurity Program Roper maintains a global Cybersecurity Program supervised by the Vice President of Cybersecurity that outlines required cybersecurity controls for all Roper businesses. Given the decentralized nature of Roper's operating model, day-to-day management and implementation of the Cybersecurity Program and deployment of the program's cybersecurity controls are managed locally by each of Roper's 29 business units, including localized information security management. In addition, because Roper's businesses generally operate independently and maintain separate infrastructure and systems, we believe the risk of an enterprise-wide cybersecurity incident is somewhat reduced. While cybersecurity technologies and implementation may differ based on the needs and risk profile of each individual business, Roper has also implemented cybersecurity tools and managed services to centrally monitor certain aspects of the Cybersecurity Program. Roper performs cybersecurity risk assessments to assess compliance with mandated cybersecurity controls and to assess the likelihood and impact magnitude of specific cyberattacks. Cybersecurity risk assessments are periodically performed to assess internal compliance with cybersecurity strategy and the implementation of cybersecurity controls. Cybersecurity assessments are also performed for acquisitions and periodically for our businesses through independent testing and remediation validation to validate cybersecurity control implementation. Areas identified for enhancement and improvement are monitored and tracked to remediation by the Roper cybersecurity team, including the Vice President of Cybersecurity. In 2025, Roper engaged a third party to assess its cybersecurity program. The results of the assessment largely aligned with those of the Company's own assessment, and the Roper cybersecurity team has implemented the suggested enhancements. Cybersecurity risk is also addressed in, and monitored by, the Company's enterprise risk management program. The Cybersecurity Program includes controls designed to oversee and identify risks from cybersecurity threats associated with third parties as they are leveraged by Roper's businesses in their respective software code development processes or for other purposes that require third-party access to critical infrastructure. The controls include, as appropriate, regularly assessing management of access controls and the cybersecurity risks posed by third parties and their supply chains, and the security posture of open-source components and software dependencies used in our products and operations. Roper conducts annual cybersecurity risk assessments for all enterprise-wide systems and cloud service providers, as well as critical enterprise systems. Roper deploys cybersecurity practices and tools across all of its businesses designed to protect data, maintain resilient operations, and limit the impact of cybercrime. We deploy a managed detection and response solution across all of our business units and our corporate infrastructure that is designed to address the detection, response, and remediation effectiveness for cybersecurity threats. This solution is intended to provide real-time visibility of the endpoint footprint across the enterprise, including patch management and vulnerabilities, device encryption, and cybersecurity threats and detections. Additionally, this solution is designed to provide real-time monitoring of identity-based attacks, emerging AI-powered threats, as well as monitoring of the deep, dark, and social webs for cybersecurity threats targeting Roper's businesses. We maintain a centralized incident response process with a third-party forensic partner on retainer. In addition, we have cybersecurity insurance policies in place. Roper maintains a Cybersecurity Incident Response Plan ("CSIRP"), which requires each Roper business to designate a Cybersecurity Incident Response Team that is responsible for receiving, reviewing, and responding to cybersecurity incident reports and activities. Cybersecurity incidents are required to be promptly reported to the Roper cybersecurity team, who then monitors such incidents through their resolution. We work on security awareness with our employees throughout the year with annual cybersecurity training and monthly simulated phishing campaigns to better identify and report unusual behavior and to mitigate the likelihood and impact of possible cybersecurity incidents. Cybersecurity Governance The Cybersecurity Program is supervised by Roper's Vice President of Cybersecurity , who has related experience including cybersecurity, IT, cloud, and security compliance . The Vice President of Cybersecurity has obtained a B.S. in Management Information Systems, a Master's in Business Administration, and a Master's in Management Information Systems. She also maintains the following industry cybersecurity certifications: CISA, CISSP, GSEC, GCED, GSA, and a Boardroom Certified Qualified Technology Expert (QTE). 18 Our Board of Directors (the "Board") has not delegated responsibility for cybersecurity matters to a committee. Rather, the Board believes that due to the importance and continually evolving nature of risks from cybersecurity threats, all members of the Board should participate in the oversight of these topics. As a result, management briefs the Board on cybersecurity matters during regularly scheduled Board meetings. The Audit Committee also receives briefings on cybersecurity matters and related risks from the Vice President of Audit Services and Chief Compliance Officer, who monitors these matters pursuant to the Company's enterprise risk management program . Roper has also established a Cyber Disclosure Committee chaired by the Vice President of Cybersecurity to track and evaluate potentially material cybersecurity incidents and to assess their potential impact on the organization. This process builds upon the CSIRP and provides a framework for Roper management to monitor potentially material cybersecurity incidents. The Cyber Disclosure Committee reports its activities and findings, as appropriate, to the Chief Executive Officer, Chief Financial Officer, Principal Accounting Officer, and General Counsel, and, if appropriate, to the Board of Directors. Although we have experienced cybersecurity incidents, these incidents have not materially affected Roper, including its business strategy, results of operations, or financial condition. See "Item 1A. Risk Factors, We rely on information and technology, including third-party cloud computing platforms and other third-party business partners, for many of our business operations which could fail and cause disruption to our business operations." above for more information. While we work to maintain our Cybersecurity Program, there can be no assurance that such actions will be sufficient to prevent cybersecurity incidents or mitigate all risks from cybersecurity threats or potential risks to such systems, networks, and data or those of our third-party providers.

Company Information