LivaNova PLC 10-K Cybersecurity GRC - 2026-02-25

Page last updated on February 25, 2026

LivaNova PLC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-25 15:26:24 EST.

Company Summary

LivaNova, PLC is an American medical device manufacturer domiciled in the UK. The company develops devices used for cardiac surgery and neuromodulation. The company was formed in 2015 by a $2.7B merger between Houston, Texas-based Cyberonics, Inc. and Milan, Italy-based Sorin S.p.a. The company trades on the NASDAQ stock exchange under the ticker symbol "LIVN".
Source: Wikipedia

Filings

10-K filed on 2026-02-25

LivaNova PLC filed a 10-K at 2026-02-25 15:26:24 EST
Accession Number: 0001639691-26-000010

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cyber Risk Management and Strategy LivaNova's enterprise risk management process consists of risk identification, evaluation, control and monitoring, and documentation. LivaNova's Board of Directors oversees risk management within the Company, and the legal and compliance teams work in tandem to provide the framework to identify and reduce risks that may materially impact the Company's business . As part of the enterprise risk management process, regular inquiries and discussions are held with, among others, the 31 CISO, Chief Information Officer, Vice President of Digital Health, Chief Privacy Officer, and their respective teams to review the cybersecurity risk landscape. LivaNova's CISO has a Master of Science in Cybersecurity with a specialization in technical security and incident response, in addition to over 15 years of experience in the cybersecurity and IT space. The CISO leads the Company's cybersecurity team, identifies cybersecurity threats, and implements countermeasures in the cybersecurity realm, considering both internal operations and the external landscape. As part of his duties, the CISO provides relevant information in connection with regular enterprise risk assessments. The CISO also manages the Company's cyber risk and assurance program. Guided by the principles of various industry-leading standards, such as the National Institute of Standards and Technology cybersecurity framework and ISO 27001, the objective of LivaNova's cyber risk and assurance program is to continue to strengthen LivaNova's cybersecurity resilience. As part of LivaNova's cyber resiliency strategy and in an effort to mitigate potential cybersecurity risks, the Company employs various measures, including employee security awareness training, systems monitoring, testing and maintenance of protective systems, and contingency plans. In addition, the CISO manages a structured cybersecurity incident response program where periodic simulation exercises are performed to prepare and train the Company's cybersecurity incident responders. The Company deploys multiple security processes, tools, and security architectures to help bolster its defense detection capabilities. LivaNova regularly evaluates itself for appropriate business continuity and disaster recovery planning, with test scenarios that include simulations and penetration tests. In addition, LivaNova routinely engages with third-party service providers to conduct evaluations of its security controls, whether through penetration testing, security assessments, or consulting on best practices to address evolving cyber threats. The Company receives threat intelligence from industry peers, government agencies, industry-specific information sharing and analysis centers, and cybersecurity associations. The Company relies heavily on its supply chain to deliver products and services to its customers, and a cybersecurity incident at a supplier, subcontractor, or service provider could adversely impact the Company. The Company assesses third-party cybersecurity controls through its cybersecurity program and includes security and privacy addendums to its contracts where applicable. Historically, risks from cybersecurity threats have not materially affected the Company's business strategy, results of operations, or financial condition. As previously disclosed, in November 2023, the Company initiated its cyber response protocol in response to a cybersecurity incident that resulted in a disruption of portions of its IT systems. The incident was contained, and the Company's mitigation efforts are considered complete, but any future cybersecurity incident has the potential to materially affect the Company's results of operations, cash flows, and financial condition. For a description of the Company's evaluation of its disclosure controls and procedures, management's report on internal control over financial reporting, and changes in internal control over financial reporting, see "Part II, Item 9A. Controls and Procedures." Cyber Governance On a regular basis, the CISO presents key security updates and metrics to the Company's Executive Team as well as the IT Advisory Council, which is composed of functional leaders across the Company and is responsible for IT governance oversight in the Company. On an annual basis, the CISO reviews cybersecurity program achievements and corrective actions with the Company's Executive Team, which is a cross-functional group composed of the CEO, the CFO, the CLO, or their designees, and other executive leaders of the Company. During fiscal year 2025, the CISO reported to the CLO; as of January 2026, the role reports to the CFO. As codified in its charter, the Audit Committee is responsible for reviewing the processes by which cybersecurity risks are managed and reporting any issues that arise out of such reviews to the Company's Board of Directors . The CISO provides key security updates and metrics to the Audit Committee on a quarterly basis, and directly to the chair of the Audit Committee on a case-by-case basis, as needed, at any time during the quarter. The Audit Committee reviews these reports, which include, among other things, external events impacting the Company, cybersecurity incidents, and evaluations of user readiness to address cybersecurity incidents. Notwithstanding the Company's approach to cybersecurity, the Company may not be successful in preventing or mitigating future cybersecurity incidents that could have a material adverse effect on the Company. While LivaNova maintains cybersecurity insurance, the costs related to cybersecurity threats or disruptions may not be fully insured. For more information on risks related to cybersecurity and data security, see "Item 1A. Risk Factors - Risks Relating to the Company's Business and Operations ."

Company Information