Page last updated on February 26, 2026
Cactus, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-26 16:50:16 EST.
Filings
10-K filed on 2026-02-26
Cactus, Inc. filed a 10-K at 2026-02-26 16:50:16 EST
Accession Number: 0001628280-26-012377
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity Risk Management and Strategy. We depend on information systems and related technologies for internal purposes, including secure data storage, processing, and transmission, as well as in our interactions with our business associates, customers, and suppliers. We also rely on third-party business associates, with whom we may share data and services, to defend their digital technologies and services against attack. Managing Material Risks & Integrated Overall Risk Management We have integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cyber risk awareness. We depend on various controls, policies, procedures and programs ("Risk Controls") to manage our risks, including risks associated with our information systems. Risks Assessment and Risk Controls are included as part of our annual enterprise risk management ("ERM") program. Our risk controls include our administrative, physical, and technical controls ("Cyber Risk Controls"). We are dependent on our Cyber Risk Controls to protect our information systems and the data that resides on or is transmitted through them. The Cyber Risk Controls are in many cases integrated with our other Risk Controls in an attempt to maximize their effectiveness. Engaging Third Parties on Risk Management We collaborate with our clients, vendors and other third parties to develop information systems and protect against cybersecurity threats. We engage third-party security experts for risk assessments and program enhancements. Managing Third Party Risk There are risks associated with the use of vendors, service providers and other third parties that provide information system services to us, process information on our behalf, or have access to our information. We evaluate third-party service providers' cybersecurity posture and seek to mitigate risk through contractual safeguards, monitoring, and incident response plans. Risks from Cybersecurity Incidents While we have experienced and will likely continue to experience varying degrees of cyber incidents in the normal conduct of our business, including attacks resulting from phishing emails and malware infections, those incidents have not materially affected the Company's business strategy, results of operations, or financial condition. There can be no assurance that the systems we have designed to prevent or limit the effects of cyber incidents or attacks will be sufficient to prevent or detect future material consequences arising from incidents or attacks, or to avoid a material adverse impact on our systems after such incidents or attacks do occur. However, the Company does not currently anticipate that risks from cybersecurity threats are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition. Governance. Risk Management Personnel Our Information Technology ("IT") Director of Cybersecurity and Networking has direct responsibility for assessing, monitoring and managing risks related to cybersecurity threats in conjunction with the Senior Vice President of IT and Chief Information Officer. Third party experts and/or consultants are retained to help identify, assess and monitor cybersecurity incidents and related risks. Our IT Director of Cybersecurity and Networking has been in that position with the Company since 2019 and, including prior experience, has significant experience in managing IT infrastructure, architecture and security. Our Senior Vice President of IT and Chief Information Officer joined the Company in 2025. Over his extensive career, he has developed substantial expertise in enterprise resource planning, infrastructure, applications, IT architecture and cyber security, including experience in areas closely aligned with the Company's operations. Monitoring Cybersecurity Risks and Incidents Our IT Director of Cybersecurity and Networking meets regularly with members of our executive team to discuss and review risks related to cybersecurity. The reviews may include evaluations of risks and incidents identified by third-party providers retained to review our cyber risk as well as cybersecurity threat scenario planning. Identified risks related to cybersecurity threats may also be analyzed as part of our ERM process. Board of Director Oversight Our Audit Committee is responsible for oversight of our programs and procedures related to cybersecurity risk. Management provides periodic reports to the Audit Committee on cybersecurity risk. The Audit Committee reports significant findings from these reports to the full Board of Directors.
Company Information
| Name | Cactus, Inc. |
| CIK | 0001699136 |
| SIC Description | Oil & Gas Field Machinery & Equipment |
| Ticker | WHD - NYSE |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | December 31 |