Kodiak Gas Services, Inc. 10-K Cybersecurity GRC - 2026-02-26

Page last updated on February 26, 2026

Kodiak Gas Services, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-26 16:35:39 EST.

Filings

10-K filed on 2026-02-26

Kodiak Gas Services, Inc. filed a 10-K at 2026-02-26 16:35:39 EST
Accession Number: 0001767042-26-000012

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Strategy, Governance and Risk Management We maintain a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats, including the assessment of cybersecurity risks related to third-party vendors and suppliers. This program is integrated within the our enterprise risk management process to ensure that cybersecurity considerations are an integral part of our decision-making process and the results of the risk assessment, which occurs at least annually, along with mitigation strategies, are discussed with our Board of Directors and the Audit & Risk Committee. The underlying controls of the cyber risk management program are based on recognized best practices and standards for cybersecurity and information technology, including the National Institute of Standards and Technology ("NIST") Cybersecurity Framework ("CSF") and the International Organization Standardization ("ISO") 27001 Information Security Management System Requirements. We undergo an annual third-party assessment of our cyber risk management program against the NIST CSF . Cyber vendors serve as partners and are a key part of our cybersecurity infrastructure. We engage leading cybersecurity firms and leverage third-party technologies and expertise to help monitor and maintain the performance and effectiveness of the products and services deployed across our operating environment. As a part of this strategy, we supplemental our internal cybersecurity team with an outsourced Cyber Security Operations Center providing monitoring of the cybersecurity environment and to coordinate the investigation and remediation of alerts. We also maintain an incident response drill program that is designed to prepare our teams for responding to significant cybersecurity events. Our cybersecurity team is led by our Chief Information Officer (the "CIO"), who has extensive experience overseeing cybersecurity functions at multiple private and public companies over the last 20 years, including roles as chief information officer and vice president of systems and technology. The CIO holds a Bachelor of Science degree in computer and information science. The CIO is supported by two full-time internal employees with backgrounds in cybersecurity, risk management and incident response. These individuals are both military veterans versed in forensic analysis and regulatory compliance and combined have decades of cybersecurity experience in the private and public sectors. They each have a Master's degree in cybersecurity, extensive military training and several industry certifications. We further augment our cybersecurity team with an outsourced Chief Information Security Officer (the "CISO") who reports to the CIO . The CISO is an information systems security professional with 25 years of cybersecurity leadership. The CIO, CISO and cybersecurity team are responsible for assessing and managing our cyber risk management program, informs senior management regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents and supervises such efforts. The cybersecurity team has decades of experience selecting, deploying, and operating cybersecurity technologies, initiatives, and processes around the world, and relies on threat intelligence as well as other information obtained from governmental, public or private sources, including external consultants engaged by us. We face risks from cybersecurity threats that could have a material adverse effect on our business, financial condition, results of operations, cash flows or reputation. We have experienced, and despite our security measures will continue to experience, cyber incidents in the normal course of our business, some of which may be material. Cybersecurity attacks are constantly evolving, may be difficult to detect quickly, and often are not recognized until after they have been launched against a target. For example, the emergence of artificial intelligence has provided additional tools for those who perpetrate these attacks, including through social engineering, the development of customized malware, and an enhanced ability to evade detection. However, as of the date hereof, we do not believe that any prior cybersecurity incidents have had, or that any risks from cybersecurity threats are reasonably likely to have a material adverse effect on our business, financial condition, results of operations, or cash flows. See "Risk Factors - Risks Related to Intellectual Property, Information Technology and Cybersecurity-Kodiak has experienced cybersecurity incidents or IT system disruptions in the past, and cybersecurity breaches or IT system disruptions may adversely affect Kodiak's business in the future." Board Oversight Given the importance to our business and the heightened risk, the Audit & Risk Committee oversees the process of reviewing our cybersecurity risks, including cybersecurity exposures and the steps taken by management to monitor and control such exposures. Our Board reviews any actions and mitigating strategies regarding any identified cybersecurity risks. The cybersecurity team provides periodic updates to the Audit & Risk Committee on the effectiveness of our cyber risk management program. In addition, cybersecurity risks are reviewed by our Board of Directors and the Audit & Risk Committee, at least annually, as part of the Company's enterprise risk management program.

Company Information