Bristow Group Inc. 10-K Cybersecurity GRC - 2026-02-25

Page last updated on February 26, 2026

Bristow Group Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-25 18:43:25 EST.

Filings

10-K filed on 2026-02-25

Bristow Group Inc. filed a 10-K at 2026-02-25 18:43:25 EST
Accession Number: 0001525221-26-000013

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Our cybersecurity strategy, which is effected through our Cybersecurity Risk Management Model, prioritizes the security and protection of our information technology networks and systems, through the detection, analysis and response to known, anticipated or unexpected threats and effective management of security risks. Our Cybersecurity Risk Management Model provides for four levels of industry-standard response activities to protect the Company against cyber threats. These are: (1) Policy Framework: Our information security practices include development, implementation, and improvement of policies and procedures to safeguard information and ensure availability of critical data and systems, including our Information Security Policies, which establishes guidelines for the safe and secure use of the Company's information systems and data, and our Electronic Communication Policy, which outlines the responsibilities of those using the Company's network and Information Technology ("IT") equipment. Employees and third-party service providers are required to comply with our Information Security Policies and our Electronic Communication Policy. (2) Awareness Programs: All employees participate in mandatory annual training and receive periodic communications regarding the cybersecurity environment to increase awareness throughout the Company. We also provide enhanced training for specific IT personnel that require specialized knowledge for their roles and responsibilities. (3) Security Engineering: We leverage a combination of the International Organization for Standardization (the "ISO") best practice standards and other global standards, including Control Objectives for Information and Relevant Technology (COBIT), to measure our security posture and manage risk. In addition, we utilize multifactor authentication and maintain multiple certifications, including ISO 27001 certification, which is globally recognized as one of the highest standards of compliance and control for information security management systems. We also perform critical preventive measures and follow a layered defense, such as phishing simulations, email and system security monitoring, data encryption, continuous patching, and border protection security using both internal resources and independent third-party service providers . (4) IT Resiliency: Our IT Department and operations teams have formalized disaster recovery processes, business continuity procedures and an incident response plan. These processes and procedures also account for risks associated with third parties that provide IT services, process information on our behalf, or have access to our information systems. While the IT Department oversees the technical aspects of information security, our Data Privacy Officer ("DPO") is responsible for leadership, compliance, and oversight of applicable privacy-related laws and policies, which are designed to protect data belonging to our employees and customers. Oversight and funding requests for all significant technology projects and initiatives, including data privacy and cybersecurity, must be reviewed and approved by our IT Steering Committee. This committee consists of five (5) members: the Chief Information Officer, the President and Chief Executive Officer ("CEO"), the Chief Financial Officer, the Chief Operating Officer, Government Services and the Chief Operating Officer, Offshore Energy Services. The CEO, with the assistance of the other members of the Executive Leadership Team, is responsible for, among other risk management measures, implementing measures designed to ensure the safety standards for personnel, information technology systems and data security, the environment and property in performing the Company's operations. The Company's Enterprise Risk Management Committee ("ERM"), sponsored by the CEO, oversees our risk management processes and ensures that sound policies, procedures and practices are in place for the enterprise-wide management of the Company's material risks. The ERM reports the results of the Committee's activities to the Company's Board at least annually. Information shared with the Board includes risks associated with cybersecurity and any of the topics identified in our materiality assessment . R esponsibilities for risk management and compliance are distributed throughout various functional areas of the business, including but not limited to, the Compliance Committee, which supports business integrity and compliance efforts globally, and oversees Bristow's compliance efforts with respect to the COBI, relevant policies, and applicable laws. We have a Cybersecurity Committee that prioritizes our cybersecurity programs and provides oversight around cybersecurity practices and guidance in responding to cyber incidents. Our Cybersecurity Committee consists of six (6) members: the Chief Information Officer, the Chief Financial Officer, the Director of Internal Audit, the Director of IT Infrastructure, Sr. Manager Flight Operations Systems, the Data Privacy Officer and the IT Security and Compliance Manager. Members of our Cybersecurity Committee have work experience managing cybersecurity and information security risks, an understanding of the cybersecurity threat landscape and/or knowledge of emerging privacy risks in our industry. Committee members are also experienced and knowledgeable across various IT disciplines including strategy, governance, infrastructure, applications, data management, audit controls & compliance, risk management, disaster recovery, business continuity, and incident response planning. The Cybersecurity Committee meets quarterly and provides updates to our Executive Leadership Team periodically and to the Audit Committee annually (or more frequently as needed). Under its charter, our Audit Committee, comprised of independent directors from our Board, must conduct annual reviews of any emerging cybersecurity developments and threats and strategies to mitigate cybersecurity risks. The Cybersecurity Committee also delivers periodic updates to the Board on the status of the information security program, including but not limited to, relevant cyber threats, technology roadmaps and key initiative updates, and the identification and management of information security risks. The Board reviews cybersecurity opportunities relating to our business strategy, and cybersecurity-related matters are also factored into business continuity planning. The Company has an IT Cyber Incident Management Team that is comprised of the following individuals: the Chief Information Officer, the Director of IT Infrastructure, Sr. Manager Flight Operations Systems, the Director of Financial Systems, the Director of Business Applications, the IT Security and Compliance Manager, and external technical security advisors. If there is a cybersecurity incident, our IT Cyber Incident Management Team oversees Bristow's cyber incident response and remains in close contact with the Executive Leadership Team and the Audit Committee throughout the cyber incident resolution process. As of December 31, 2025, we are not aware of any material risks from cybersecurity threats, that have materially affected or are reasonably likely to materially affect our Company, including our business strategy, results of operations, or financial condition.

Company Information