Climb Global Solutions, Inc. 10-K Cybersecurity GRC - 2026-02-27

Page last updated on February 27, 2026

Climb Global Solutions, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-27 14:38:27 EST.

Filings

10-K filed on 2026-02-27

Climb Global Solutions, Inc. filed a 10-K at 2026-02-27 14:38:27 EST
Accession Number: 0001437749-26-006072

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Our Company maintains a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. The Board of Directors and senior management devote significant resources to cybersecurity and risk management processes to adapt to the changing cybersecurity landscape and respond to emerging threats in a timely and effective manner. We regularly assess the threat landscape with a layered cybersecurity strategy based on prevention, detection, and mitigation. Our IT team reviews enterprise risk management-level cybersecurity risks annually. In addition, we have a set of Company-wide policies and procedures concerning cybersecurity matters, such as encryption standards, antivirus protection, remote access, multifactor authentication, confidential information and the use of internet, social media, email, and personal devices. The policies include standards from, among others, the National Institute of Standards and Technology framework, Payment Card Industry Data Security Standards and the Center for Internet Security Standards and are reviewed and approved by appropriate members of management. Employees must be aware of the Company's security policies and acknowledge their understanding and compliance to each of the policies annually. The Board of Directors oversees the Company's cybersecurity risk exposures, with primary oversight responsibility delegated to the Audit Committee. In accordance with its charter, the Audit Committee periodically reviews and discusses with management the Company's cybersecurity and data privacy risks, the policies and procedures implemented to monitor and mitigate those risks, the adequacy of information technology and cybersecurity controls, and reports regarding cybersecurity incidents, assessments and remediation efforts, as appropriate. The Chief Information Officer oversees the IT team and is responsible for developing and implementing our information security program and reporting on cybersecurity matters to the Audit Committee. We view cybersecurity as a shared responsibility, and we periodically perform simulations and tabletop exercises at a management level and incorporate external resources and advisors as needed. All employees are required to complete cybersecurity trainings through online training modules. Our IT team regularly monitors alerts and meets to discuss threat levels, trends and remediation plans as needed. Additionally, we conduct periodic penetration tests to assess our processes and procedures to ensure we have a robust cybersecurity program. The Company faces risks from cybersecurity threats that could have a material adverse effect on our business, financial condition, results of operations, cash flows or overall reputation. Although we will continue to face such risks during our normal course of business, to date, they have not materially affected our business, financial position and results of operations. See "Failure to adequately maintain the security of our electronic and other confidential information could materially adversely affect our financial condition and results of operations" in Item 1A. Risk Factors.

Company Information