LEMAITRE VASCULAR INC 10-K Cybersecurity GRC - 2026-02-26

Page last updated on February 26, 2026

LEMAITRE VASCULAR INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-26 07:01:03 EST.

Filings

10-K filed on 2026-02-26

LEMAITRE VASCULAR INC filed a 10-K at 2026-02-26 07:01:03 EST
Accession Number: 0001193125-26-073360

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cyb ersecurity Risk Management and Strategy LeMaitre Vascular recognizes the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. We maintain a cybersecurity risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. Our cybersecurity program is overseen by our Senior Vice President, Information Technology, or SVP IT, who has more than 25 years of experience in information technology. Managing Material Risks & Integrated Overall Risk Management We have strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management, with the goal of ensuring that cybersecurity considerations are an integral part of our decision-making processes. For employees that require network access, we require new employees to complete cybersecurity training upon onboarding and require employees to complete cybersecurity training annually. Our IT department continuously evaluates and addresses cybersecurity risks during our risk assessment process, in alignment with our business objectives and operational needs. Engage Third-Parties on Risk Management Recognizing the complexity and evolving nature of cybersecurity threats, we engage with external experts, including cybersecurity assessors and consultants, to evaluate and test our risk management systems. Our collaboration with third-parties includes periodic audits, threat assessments, and consultation on security enhancements. Oversight of Third-party Risk Using a risk-based approach, we review third-party service providers as part of our IT general controls, particularly focusing on financial risk and the third-party applications and controls around that risk. Risks from Cybersecurity Threats For a discussion of risks related to cybersecurity, see the risks titled, "Item 1A. Risk Factors - Risks Related to Our Business - Cybersecurity breaches, loss of data and other disruptions could compromise sensitive information related to our business or prevent us from accessing critical information and expose us to liability, which could adversely affect our business and our reputation." and "- We depend on our information technology and telecommunications systems, and any failure of these systems could harm our business." 37 Governance Our Board of Directors is aware of the critical nature of managing risks associated with cybersecurity threats. The Board has established oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats because we recognize the significance of these threats to our operational integrity and stakeholder confidence. Board of Directors Oversight The Audit Committee is central to our Board's oversight of cybersecurity risks and bears the primary responsibility for this domain. On a periodic basis, our Audit Committee reviews the adequacy of our computer systems controls, cybersecurity risk management, and related governance and incident disclosures. Management ' s Role Managing Risk Our SVP IT and our Chief Financial Officer, or CFO, report to our Audit Committee on cybersecurity risks. They provide comprehensive briefings to the Audit Committee on a regular basis, with a minimum frequency of once per year. These briefings cover a broad range of topics, including: - current cybersecurity landscape and emerging threats; - status of ongoing cybersecurity initiatives and strategies; - incident reports and learnings from any cybersecurity events; and - compliance with regulatory requirements and industry standards. In addition to our scheduled meetings, the Audit Committee, our SVP IT and our CFO maintain an ongoing dialogue regarding emerging or potential cybersecurity risks. Risk Management Personnel Primary responsibility for assessing, monitoring and managing our cybersecurity risks rests with our SVP IT . As each relates to cybersecurity, our SVP IT leads testing of our compliance with standards, remediation of known risks, and our employee training program. Monitor Cybersecurity Incidents Our SVP IT leads our implementation and oversight of processes for the regular monitoring of our information systems. We have developed a cybersecurity incident response plan that is overseen by our SVP IT and that includes immediate actions to mitigate the impact and longer-term strategies for remediation and prevention of future incidents. Reporting to Audit Committee and Board of Directors Our SVP IT regularly informs the CFO about matters related to cybersecurity risks and incidents. Together, our SVP IT and CFO then update our Audit Committee and Board of Directors on significant cybersecurity matters, and strategic risk management.

Company Information