Hut 8 Corp. 10-K Cybersecurity GRC - 2026-02-25

Page last updated on February 25, 2026

Hut 8 Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-25 06:36:25 EST.

Filings

10-K filed on 2026-02-25

Hut 8 Corp. filed a 10-K at 2026-02-25 06:36:25 EST
Accession Number: 0001104659-26-019392

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy Given the inherent and growing risks of operating our business, we recognize the importance of incorporating , monitoring, and updating cybersecurity risk programs as part of operating, management, and governance practices. Our Cybersecurity Program has been designed to monitor, manage, and mitigate our cybersecurity risks. The supporting Cyber Security Policy establishes a cybersecurity framework by defining security responsibilities, access controls, data protection standards, and required technical safeguards to protect our systems, information, and assets. Our Cybersecurity Program and Policy are currently owned by our Chief Legal Officer and Corporate Secretary, working with our IT function. In addition, we leverage the insights and expertise of our retained Security Advisory Partner , who provides strategic and technical guidance to our internal team and supplements our internal staffing to assist with day-to-day cybersecurity and related tasks. Our Security Advisory Partner is responsible for the design and implementation of our information security strategy and works in conjunction with our internal team to collaboratively spearhead our cybersecurity efforts, focusing on standards, policy creation and implementation, architecture, and processes. We believe our internal team and Security Advisory Partner, boasting extensive experience and holding various industry-standard cybersecurity certifications, capably handle a wide range of complex cybersecurity demands, including assessments, operations, and remediation across the spectrum of cybersecurity challenges. Our internal team and Security Advisory Partner assess our security posture on a regular basis, and the results of those reviews are reported to members of senior management as well as to our Audit Committee, and where appropriate, our Board. Our Incident Response Team, which is comprised of members of our IT and legal teams and our Security Advisory Partner, is responsible for leading our response to cyber incidents. Our Incident Response Plan outlines the processes by which we identify, report, investigate, contain, and remediate cybersecurity incidents. It is designed to identify material risks, and appropriate controls for managing them, and ensure that necessary disclosures are made promptly to uphold transparency and compliance with relevant regulations. We, our third-party suppliers, and our customers, along with other companies in our industry, have been subject to, and are likely to continue to be the target of, cyber-attacks, as discussed in more detail in "Risk Factors." We have implemented a Third Party Risk Management process to oversee and identify material risks, including cybersecurity threats, stemming from our engagement with third-party service providers. Our process is designed to ensure that vendors presenting material technology or cybersecurity risks are subjected to a rigorous privacy and security review prior to engagement and thereafter monitored continuously for compliance with our stringent security standards. Despite the efforts and investments made, not all threats may be prevented. In light of the numerous cybersecurity risks that we face, it is reasonably likely that cybersecurity threats could materially affect our business, financial condition, or results of operations. See "Risk Factors." Cybersecurity Governance We encounter a range of risks and continuously conduct comprehensive evaluations to refine our risk management strategies effectively. Management is principally responsible for identifying , evaluating, and managing the risks on a day-to-day basis, under the oversight of our Board and the Audit Committee. Our Audit Committee is responsible for overseeing our Enterprise Risk Management processes, including our guidelines and policies governing the process of risk assessment and risk management, which includes cybersecurity. In addition, our Audit Committee is presented with information at its regularly scheduled and special meetings, including on risk and security posture, security initiatives and programs, and emerging conditions, and management may provide more frequent, informal communications to the Board or Audit Committee between regularly scheduled meetings, as appropriate. Our Board or Audit Committee , as applicable, reviews this information and delivers strategic feedback, offers recommendations, and, when necessary, grants authorization or directs management to mitigate specific risk exposures.

Company Information