BENTLEY SYSTEMS INC 10-K Cybersecurity GRC - 2026-02-26

Page last updated on February 26, 2026

BENTLEY SYSTEMS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-26 16:12:29 EST.

Filings

10-K filed on 2026-02-26

BENTLEY SYSTEMS INC filed a 10-K at 2026-02-26 16:12:29 EST
Accession Number: 0001031308-26-000007

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We maintain a comprehensive process for: (i) identifying the assets, threats, and vulnerabilities that affect our information systems and networks; (ii) analyzing the likelihood and impact of potential cyberattacks on our assets, operations, and objectives; (iii) evaluating the existing cybersecurity controls and measures that we have in place to prevent, detect, and respond to cyberattacks; and (iv) implementing and monitoring the appropriate cybersecurity solutions and practices that reduce our cyber risk exposure and enhance our cyber resilience . In doing so, our Information Security Team, which is comprised of dedicated privacy and security professionals and run by our Chief Information Security Officer ("CISO"), stays abreast of security industry and threat trends, and regularly seeks to improve our cybersecurity risk management program. Our executive leadership team, with input and guidance from our CISO, is responsible for our overall enterprise risk management system and processes, and regularly considers cybersecurity risks in the context of other material risks to the Company. Our CISO, who has over 15 years' experience in cybersecurity and 30 years' experience in software engineering, design, and development, has been with the Company for more than ten years and has helped grow the Company's Information Security Team into its current mature form. As part of our overall cybersecurity strategy, as and when we detect cybersecurity threats, our Information Security Team documents the relevant incident details, assesses the impact and severity of it, identifies the root cause and corrective actions, and communicates the incident to our CISO and any other relevant parties as needed. We also seek to address cybersecurity risks associated with our third-party vendors by making our Information Security Team a key part of relevant vendor onboarding, whereby we conduct comprehensive risk assessments of such vendors' cybersecurity policies and practices. When necessary, we utilize third party auditors and consultants to assess third-party cybersecurity risks, and we consult with outside counsel as appropriate, including on materiality analysis and disclosure matters . Our senior management makes the final materiality determinations and disclosure and other compliance decisions. Our full Board of Directors has oversight responsibility for risks and incidents relating to cybersecurity risk. The Board of Directors reviews and discusses with management our policies and practices regarding risk assessment and management, including planning regarding business continuity and cybersecurity. In addition, the Board of Directors receives regular reports from management on cybersecurity matters, including areas such as strategic plans and programs, threat intelligence, major cybersecurity risk areas, regulations, and cybersecurity incidents. Our management team, including our Chief Information Officer ("CIO"), Chief Technology Officer ("CTO"), and Chief Legal Officer ("CLO"), are responsible for assessing and managing material risks from cybersecurity threats, including supervision of our internal security incident response team. Each of these leaders have extensive experience assessing and managing cybersecurity programs and risk. Our CIO joined Bentley in 2025 and is responsible for the Company's internal technology infrastructure, systems, data, and security. Our CIO has over 25 years of experience as a technologist across a wide variety of industries. She brings significant experience leading enterprise technology organizations and developing cybersecurity and data-protection practices to support large-scale operational environments. Our CTO joined Bentley in 2021 and is the principal architect of the Company's technology directions. Our CTO has over 20 years of technology leadership experience in startups, scaleups, and large organizations. His strategic role includes ensuring that our software development and engineering are secure, resilient, and aligned with risk management needs. Our CLO has been with Bentley since 1998 and is responsible for the day-to-day operations of the global Law and Corporate Advancement team. Our CLO brings deep expertise in legal and regulatory frameworks, including cybersecurity and data protection, ensuring the organization's compliance with evolving regulations. He leads a global privacy team focused on best practices in safeguarding sensitive information and proactively manages risks related to cyber threats and privacy concerns. 30 Table of C ontents Our management team brings extensive expertise in identifying and addressing cybersecurity risks across enterprise operations, encompassing information technology, information security, privacy and data protection, product security, physical security, and legal and regulatory considerations. Additionally, our leadership team has substantial experience in overseeing risk management programs and possesses a deep understanding of the challenges faced by enterprise organizations. Their significant operational background enables them to offer valuable guidance in developing, executing, and evaluating our strategic operating plan. Our business strategy, results of operations, and financial condition have not been materially affected by risks from cybersecurity threats, but we cannot provide assurance that they will not be materially affected in the future by such risks or any future material incidents. For more information on our cybersecurity related risks, refer to Item 1A. Risk Factors of this Annual Report on Form 10-K.

Company Information