Qnity Electronics, Inc. 10-K Cybersecurity GRC - 2026-02-26

Page last updated on February 26, 2026

Qnity Electronics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-26 16:39:08 EST.

Filings

10-K filed on 2026-02-26

Qnity Electronics, Inc. filed a 10-K at 2026-02-26 16:39:08 EST
Accession Number: 0002058873-26-000010

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. Risk Management and Strategy Cybersecurity is integrated into Qnity's enterprise risk management framework. Under the leadership of our Chief Information Security Officer (CISO), we identify critical assets, assess vulnerabilities, and implement layered controls guided by recognized frameworks such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework. Our controls include multi-factor authentication, privileged access management, network segmentation, continuous monitoring, and phishing simulations. We maintain documented policies governing remote access, encryption, device security, email usage, and data handling. Engagement of Third-Party Services We engage managed security service providers and independent experts for penetration testing, vulnerability assessments, and program reviews. These engagements supplement internal resources and help our cybersecurity posture to remain current. In addition, in connection with our Separation, we entered into Transition Services Agreements, pursuant to which DuPont will continue to provide certain information technology, administrative and other services on a transitional basis. Oversight of Third-Party Risk Qnity maintains a risk-based vendor risk management program that incorporates, as appropriate, pre-engagement due diligence, contractual security requirements, and ongoing monitoring of third-party providers. This process is designed to support the identification and mitigation of cybersecurity-related risks associated with external services . Governance Cybersecurity oversight resides with our Board's Audit Committee, which receives periodic reports from senior leadership. Cybersecurity updates are also provided to the full Board as needed. The CISO reports to the Chief Information Officer (CIO). Updates include information related to threat trends, incident metrics, and third-party risk management activities. Our Board periodically reviews its composition to ensure appropriate cybersecurity expertise. Incident Response and Monitoring Our cybersecurity risk assessment and management processes are implemented and maintained by certain members of our management team, including our CISO and our CIO. Our CISO has over twenty years of experience in information security leadership, including serving as CISO of two other multinational companies, holds master's degrees in computer science and mechanical engineering, and is CISSP certified. Our CIO has over five years of experience in senior executive roles that involve oversight of cybersecurity matters and holds a master's degree in information and knowledge strategy. We maintain a formal Cybersecurity Incident Response Plan that classifies incidents into severity levels and defines escalation paths. Material incidents trigger immediate notification to senior management and the Board . Supported by internal teams and external partners, our 24/7 monitoring supports timely detection and response. Post-incident reviews drive continuous improvement. Employee Training All employees are required to complete mandatory annual cybersecurity training covering phishing awareness, data protection, mobile security, and insider threat prevention. We also conduct periodic phishing simulations and targeted refreshers for high-risk roles. Risks from Cybersecurity Threats Our systems are subject to evolving threats such as ransomware, phishing, and denial-of-service attacks. For a description of the risks from cybersecurity threats that may materially affect us and how those risks may affect us, see "Our business, results of operations, financial condition and cash flows could be adversely affected by interruption or regulation of our information technology or network systems and storage of information and other business disruptions. Our actual or perceived failure to comply with laws and regulations regarding data privacy could also lead to regulatory investigations, litigation, fines, or other adverse business consequences" under Part I, Item 1A. Risk Factors in this Annual Report.

Company Information