Neptune Insurance Holdings Inc. 10-K Cybersecurity GRC - 2026-02-25

Page last updated on February 26, 2026

Neptune Insurance Holdings Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-25 17:47:56 EST.

Filings

10-K filed on 2026-02-25

Neptune Insurance Holdings Inc. filed a 10-K at 2026-02-25 17:47:56 EST
Accession Number: 0002067129-26-000007

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management Protecting the sensitive data of our policyholders, partners, and organization is a top priority. As a technology-first company, we recognize that maintaining cybersecurity practices and safeguards is essential to ensuring the integrity of our systems and the trust of our stakeholders. Our cybersecurity strategy is designed to address both current and emerging threats and leverage best practices, advanced tools, and ongoing vigilance. Key components of our approach include: 1. Comprehensive Security Framework: We employ a multi-layered cybersecurity framework that includes firewalls, intrusion detection systems, endpoint protection, and encryption protocols to safeguard data and systems. Our infrastructure is regularly updated to ensure alignment with the latest security standards and regulatory requirements. 2. Cybersecurity Oversight: The board of directors has delegated oversight responsibility for cybersecurity risks to the Audit Committee . As established in the Audit Committee charter, the Audit Committee periodically receives information from management regarding cybersecurity matters. Our management, including our Chief Technology Officer and Chief Information Security Officer (CTO/CISO), a role held by a single executive, is responsible for day-to-day cybersecurity risk management, including oversight of third-party service providers and responding to potential cybersecurity incidents. Our CTO/CISO, who reports to our Chief Executive Officer, has 15 years of experience in various cybersecurity related roles. 3. Data Protection: Policyholder and partner data is stored securely within our systems, with access strictly controlled and monitored. Sensitive information is encrypted both in transit and at rest, ensuring protection against unauthorized access. 4. Proactive Threat Monitoring and Response: We utilize threat monitoring tools to identify and mitigate potential vulnerabilities in real time. Our dedicated cybersecurity team conducts regular audits, vulnerability assessments, and penetration testing to proactively address risks. 5. Employee Awareness and Training: Cybersecurity is a shared responsibility across our organization. We provide regular training to employees on identifying and mitigating cybersecurity risks, ensuring that our team is equipped to recognize phishing, social engineering, and other common attack vectors. 6. Incident Response Plan: In the event of a cybersecurity incident, we have a detailed incident response plan in place to contain, investigate, and resolve the issue promptly. Our team conducts post-incident reviews to continuously improve our defenses and reduce the likelihood of future occurrences. 7. Third-Party Risk Management : As part of our commitment to cybersecurity, we carefully vet all third-party vendors and partners to ensure they meet our security standards. We maintain contractual agreements and conduct periodic assessments to confirm compliance. 8. Regulatory Compliance: We have policies and procedures in place designed to adhere to all applicable data privacy and security regulations, including state, federal, and international standards, where applicable. Compliance is regularly reviewed to ensure our practices remain current with evolving regulatory landscapes. Cybersecurity risk management is an ongoing process, and we remain committed to staying ahead of emerging threats. By continuously investing in advanced technologies, fostering a culture of security awareness, and prioritizing proactive measures, we strive to protect our policyholders, partners, and business from potential risks while maintaining the integrity 55 of our operations. For further information, please see the section entitled "Risk Factors - Risks Relating to Data, Intellectual Property and Cybersecurity."

Company Information