MSC INCOME FUND, INC. 10-K Cybersecurity GRC - 2026-02-27

Page last updated on February 27, 2026

MSC INCOME FUND, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-27 11:57:36 EST.

Filings

10-K filed on 2026-02-27

MSC INCOME FUND, INC. filed a 10-K at 2026-02-27 11:57:36 EST
Accession Number: 0001535778-26-000026

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Main Street and MSC Income's Adviser maintain, and routinely review and evaluate their and the Fund's information technology ("IT") and cybersecurity policies, practices and procedures (the "Cybersecurity Program"), which includes processes for assessing, identifying and managing material risks from cybersecurity threats. The Cybersecurity Program has various policies and procedures including a Cyber Incident Response Plan as part of Main Street's Crisis Management Plan. The Cybersecurity Program is administered by Main Street's Head of IT and Cybersecurity, who is managed on a day-to-day basis by Main Street's General Counsel and overseen by Main Street's IT Steering Committee consisting of Main Street's Chief Executive Officer, Main Street's Chief Operating Officer and Main Street's General Counsel. Main Street's General Counsel also serves as the crisis response team leader in connection with any material cybersecurity incident under the Cyber Incident Response Plan, with Main Street's Chief Operating Officer and Main Street's Head of IT and Cybersecurity also included on the crisis response team. Main Street and MSC Income's Adviser also utilize the services of IT and cybersecurity advisers, consultants and experts in the evaluation and periodic testing of Main Street's IT and cybersecurity systems, to recommend improvements to the Cybersecurity Program and in connection with any cybersecurity incident. Main Street's Head of IT and Cybersecurity has over 11 years of experience advising on and managing risks from cybersecurity threats as well as developing and implementing cybersecurity systems, policies and procedures. Main Street's General Counsel has served in his oversight function as General Counsel for over 17 years and previously as Main Street's Chief Compliance Officer for over 12 years, during which time he has gained expertise in assessing and managing risk applicable to the Fund. Similarly, each of Main Street's Chief Executive Officer and Main Street's Chief Operating Officer have served in various executive management roles at the Fund and, in the case of Main Street's Chief Operating Officer, other publicly traded organizations, involving extensive oversight and management of risks, including cybersecurity related risks, for over 21 years . As part of MSC Income's overall risk management process, management engages at least annually in an enterprise risk management review and evaluation, during which management reviews the principal risks relating to MSC Income's business and operations. Included in this process is a review and evaluation of risks relating to the Cybersecurity Program. Additionally, as part of MSC Income's Rule 38a-1 compliance program, the Fund reviews at least annually the compliance policies and procedures of key service providers, including its Adviser and Main Street, including documentation discussing each service providers' information security and privacy controls. Any failure in MSC Income's or its key service providers' cybersecurity systems could have a material impact on the Fund's operating results. See Item 1A. Risk Factors - General Risk Factors - The failure in cybersecurity systems, as well as the occurrence of events unanticipated in MSC Income's and the Adviser's disaster recovery systems and management continuity planning could impair MSC Income's ability to conduct business effectively. MSC Income's Board of Directors as a whole has responsibility for the Fund's risk oversight, with reviews of certain areas being conducted by the relevant committees of the Board of Directors that report on their deliberations to the full Board of Directors. The oversight responsibility of the Board of Directors and its committees is enabled by management reporting processes that are designed to provide visibility to the Board of Directors about the identification, assessment and management of critical risks and management's risk mitigation strategies. Oversight of risks relating to IT and cybersecurity has been delegated by MSC Income's Board of Directors to its Audit Committee. The Audit Committee includes members of the Board of Directors who, in addition to each being designated as an "audit committee financial expert," possess backgrounds and experience which MSC Income believes enable them to provide effective oversight of MSC Income's IT and cybersecurity risks. MSC Income's management routinely reports to the Audit Committee on the status of the Cybersecurity Program and material risks from cybersecurity threats at the Audit Committee's quarterly meetings. Such reports generally detail any testing, observations or developments concerning the Cybersecurity Program that occurred during the prior quarter. The results of periodic testing related to the Cybersecurity Program are also described in the Chief Compliance Officer's annual report to the Board of Directors, provided pursuant to Rule 38a-1 under the 1940 Act. The crisis response team leader also collaborates with the Audit Committee chair to ensure that the Board of Directors is apprised of any material cybersecurity incident. During the reporting period, the Fund has not identified any impacts from cybersecurity threats, including as a result of previous cybersecurity incidents, that the Fund believes have materially affected, or are reasonably likely to materially affect, the Fund, including its business strategy, operational results and financial condition.

Company Information