SOLAREDGE TECHNOLOGIES, INC. 10-K Cybersecurity GRC - 2026-02-25

Page last updated on February 25, 2026

SOLAREDGE TECHNOLOGIES, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-25 08:41:24 EST.

Filings

10-K filed on 2026-02-25

SOLAREDGE TECHNOLOGIES, INC. filed a 10-K at 2026-02-25 08:41:24 EST
Accession Number: 0001178913-26-000632


Item 1C. Cybersecurity.

Cyber security risk is an area of increasing focus for our Board, particularly as an increasingly significant part of our operations rely on digital technologies. As a result, we have implemented a cyber security program to assess, identify, and manage risks from cyber security threats that may result in material adverse effects on the confidentiality, integrity, and availability of our information systems and products. This program has been integrated into the Company's enterprise risk management processes.

We design and assess our cybersecurity program based on the NIST Cybersecurity Framework (CSF) and industry best practices. We do not claim to comply with any technical standards, specifications, or requirements by using these frameworks. They are guides that help us to deal with the cybersecurity risks that are relevant to our business.

Our cybersecurity program is integrated into our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across legal, compliance, operational, and financial risk areas. To this end, we have implemented a cybersecurity program that includes the following elements:

▪ A Chief Information Security Officer (CISO) responsible for developing and maintaining our administrative, technical, and physical cybersecurity controls.
▪ Periodic assessments designed to identify material cybersecurity risks to our critical systems and information.
▪ A Security Operations Center (SOC) to monitor our critical infrastructure and execute immediate, human-led responses to confirmed and suspected cyber security threats.
▪ External technology and security providers, where appropriate, to assess, test or otherwise assist with aspects of our cybersecurity program.
▪ External technology and security tools, where appropriate, to identify and mitigate threats.
▪ Cybersecurity awareness training for employees.
▪ A third-party risk management process and questionnaire for certain service providers and vendors who access sensitive information.
▪ A retained, trained incident response team and written procedures to navigate incident response lifecycles.
▪ Periodic cyber security drills designed to simulate potential cyber events and test our detection, response, and recovery capabilities.

In the normal course of business, we are and have been the target of malicious cyber-attack attempts and have experienced other cybersecurity incidents. However, based on the information that we have to date, we have not identified risks from known material cybersecurity threats, including any prior cybersecurity incidents, that have materially affected the Company, including our operations, business strategy, results of operations, or financial condition. As of the date of this Annual Report on Form 10-K, the Company is not aware of any material risks from cybersecurity threats that are reasonably likely to do so. However, we cannot eliminate all risks from cybersecurity threats or provide assurances that the Company will not be materially affected by such risks or cyber incidents in the future. There can be no guarantee that our policies, programs and controls, and those of our third-party vendors, including those described in this section, will be sufficient to protect our information, information systems, products, or other property.

Additional information on cybersecurity risks we face is discussed in Item 1A of Part I, "Risk Factors," which should be read in conjunction with the foregoing information.

Risk Management and Strategy

While we follow product cybersecurity best practices and comply with mandatory standards and regulations, our products and information systems are potentially subject to cyber risks of data leakage, privacy concerns, interrupted availability, and operational damages, including to customers and third parties.

To protect our products and information systems from cybersecurity threats, we use various security controls and processes that help prevent, identify, escalate, investigate, resolve, and recover from identified vulnerabilities and security incidents in a timely manner. These include, but are not limited to, periodic cyber testing, code scanning and ongoing attack surface monitoring, threat intelligence monitoring, other monitoring and detection tools, and a coordinated vulnerability disclosure program to allow security researchers to assist us in identifying vulnerabilities in our products before they are exploited by malicious threat actors. Any reported vulnerability is analyzed and dealt with in accordance with its risk level and mitigation options.

As part of our program to mitigate risk from cyber security threats, the Company actively evaluates and refines its cyber security tools and processes with the intention of reducing cyber security risks and aligning with the National Institute of Standards and Technology Cyber-security Framework for risk management. Features of our cybersecurity program include:

◦ Processes designed to comply with information security standards and privacy regulations, including the European Union's General Data Protection Regulation.
◦ Maintenance of an ISO 27001 Information Security Management Standard certification.
◦ Implementation of a variety of security controls, such as firewalls, endpoint detection tools and intrusion detection systems.
◦ Protection against Denial-of-Service attacks which prevent legitimate use of our services.
◦ Security events monitoring in a third party security operations center.
◦ Development of incident response policies and procedures designed to initiate remediation and compliance activities in a timely manner.
◦ Implementation of data loss prevention tools.
◦ Implementing an ID management system to enforce granular role-based access controls.
◦ Integration of granular access controls at the network level.
◦ Performing penetration testing on products and networks.
◦ Administration of a phishing awareness program and an employee security training periodically and as part of onboarding.
◦ Engagement with a third-party, independent cyber security firm to conduct cyber security assessments of our systems and procedures.
◦ Employment of a responsible disclosure policy designed to help identify and fix any potential flaws in the company's services or products.

Third Party Cybersecurity Oversight

We have implemented governance processes designed to monitor, evaluate, and mitigate security risks that may arise from a relationship with a third party vendor, partner, or customer. These security measures include:

◦ Vendor security assessments - Evaluating the cybersecurity protections that key vendors employ, prior to and during engagement.
◦ Insurance risk assessments - Conducted by our insurance providers in order to evaluate cybersecurity related exposure.
◦ Operational Technology Security - Implementing security measures within some of our manufacturing facilities to enhance our cybersecurity protection.
◦ Secure customer data management - Solutions designed to safeguard customer data integrity and critical systems' integrity.

We engaged a well-known external firm to audit our compliance with the European Union's NIS 2.0 Directive (the Directive on Security of Network and Information Systems). This audit is being conducted to confirm that our cybersecurity practices align with the latest regulatory requirements and best practices for managing the security of critical infrastructure and services.

The Technology and Cyber Committee receives periodic reports from management on our cybersecurity program and risks. In addition, management updates the Technology and Cyber Committee, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential. The Technology and Cyber Committee reports to our Board regarding its risk management functions, including those related to cybersecurity.

Governance & Oversight

The Board has delegated primary oversight of our risks from cybersecurity threats to the Technology and Cyber Committee. Our management team, including our CISO, provides quarterly updates to our Technology and Cyber Committee and annually to the full Board regarding our cyber security activities and other developments impacting our digital security. We have protocols by which certain cyber security incidents are escalated within the Company and, where appropriate, reported to the Board and the Technology and Cyber Committee in a timely manner.

At the management level, our CISO, who reports to our Chief Information Officer, is responsible for overseeing the assessment and management of our material risks from cyber security threats. Our CISO has extensive experience and knowledge in cyber security as a result of 20 years of experience of varied cybersecurity experience across various industries and domains. The CISO is informed about and monitors the prevention, detection, mitigation, and remediation of emerging cybersecurity threats. Our cybersecurity team is also informed of any potential cyber security incidents through reports and alerts from retained cyber threat intelligence firms.


Company Information

Name: SOLAREDGE TECHNOLOGIES, INC.
CIK: 0001419612
SIC Description: Semiconductors & Related Devices
Ticker: SEDG - Nasdaq
Category: Large accelerated filer
Fiscal Year End: December 31