NIQ Global Intelligence plc 10-K Cybersecurity GRC - 2026-02-27

Page last updated on February 27, 2026

NIQ Global Intelligence plc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-27 07:02:55 EST.

Filings

10-K filed on 2026-02-27

NIQ Global Intelligence plc filed a 10-K at 2026-02-27 07:02:55 EST
Accession Number: 0001628280-26-012572

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We have developed and implemented a cybersecurity strategy and risk management program designed to protect the confidentiality, integrity and availability of our systems and information. This program is integrated into our enterprise risk management framework and informed by recognized industry practices, including the NIST Cybersecurity Framework, CIS Critical Security Controls and the ISO/IEC 27001:2022 Framework. The key elements of our cybersecurity risk management program are described below: We utilize internal information technology resources for the primary aspects of our cybersecurity program. Our internal team is supported by external service providers and consultants as needed. We conduct ongoing cybersecurity program maturity assessments and business impact analyses to identify critical processes, sensitive data and potential operational disruptions. These assessments help us prioritize risks from cybersecurity threats and allocate resources effectively. We perform ongoing vulnerability assessments of our internal and external environments along with independent pressure testing (including penetration testing) by third-party organizations to independently evaluate the real-world efficacy of our cybersecurity program. These assessments supplement our internal reviews and are designed to ensure the effectiveness of our controls and risk mitigation of new cybersecurity vulnerabilities. We utilize third-party service providers for certain business operations. We have established processes to assess and monitor cybersecurity risks associated with these service providers. Our reviews include evaluating providers' SOC 2 Type II, or other relevant security audit reports, assessing incident response strategies and conducting ongoing monitoring of significant changes throughout our relationship with the provider. Our risk management program monitors for risk to our systems and services presented by these service providers and promotes strategies to address any threats identified. We employ a multi-layered defense approach to cybersecurity leveraging our people, external resources, controls, tools and automated platforms to reduce the risk that could result from a cybersecurity incident. We maintain a documented cybersecurity incident response plan that outlines the steps to respond to cybersecurity incidents. This plan is periodically tested, and we retain external forensic support, if required, for material incidents. Finally, we provide recurring cybersecurity training and awareness programs for employee, leveraging actual scenarios to validate and improve our cybersecurity incident response plan and ensure that our management understands its roles and responsibilities if a cybersecurity incident were to occur. 57 T a b l e o f C o n t e n t s Our cybersecurity strategy and risk management program interfaces with other functional areas within the NIQ, including our business segments, legal, compliance, human resources and internal audit departments, and is overseen by management as part of our enterprise risk management process. We have not identified incidents from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected our business or financial condition. However, there can be no assurance that we will not suffer a significant event in the future as we continue to face ongoing risks from cybersecurity threats that, if realized, could be reasonably likely to materially affect us, including our operations, business strategy, results of operations, financial condition or cash flows. For more information on how cybersecurity risk may materially affect our business, financial positions, results of operations or cash flows, please see Part I, Item 1A. Risk Factors hereof. Governance The Audit Committee of o ur Board of Directors oversees cybersecurity risk as part of its broader risk oversight responsibilities. The Audit Committee has primary responsibility for evaluating our cybersecurity risk management program, monitoring major cybersecurity risk exposures and reviewing the steps management has taken to assess, identify and manage these exposures, including policies and procedures for risk mitigation and compliance with applicable legal and regulatory requirements. Management is responsible for implementing cybersecurity strategy and managing day-to-day risks. Key roles include our Chief Security Officer and our CTO, who reports directly to our CEO. The Chief Security Officer leads our cybersecurity risk management program, ensuring alignment with business objectives and strategy and supervising internal cybersecurity personnel and external cybersecurity service providers. The CTO provides strategic oversight of the Chief Security Officer's duties, technology infrastructure and execution of cybersecurity initiatives. Both the Chief Security Officer and CTO have over 15 years of experience in cybersecurity leadership roles, including prior positions at publicly traded companies. Our Chief Security Officer has extensive experience developing and implementing cybersecurity programs in banking and the credit reporting industry and holds relevant industry certifications, including the Digital Directors Network Qualified Technology Expert ("QTE") certification, while our CTO previously served as CTO and Chief Information Officer ("CIO") for a NYSE listed credit reporting agency prior to joining the NIQ. As part of our defined cybersecurity policies and cybersecurity incident response plan, management is regularly updated on the status of the execution of our cybersecurity strategy and daily operations of the program. This includes regular reporting and evaluation of significant cybersecurity incidents. Updates on cybersecurity program performance, incident response readiness and emerging threats are provided to the appropriate internal risk committees as needed. Our CTO, supported by our Chief Security Officer, provides quarterly reports to the Audit Committee, which generally include: - Our current cybersecurity risk profile; - Any changes to our cybersecurity strategy; - Status of the execution of the cybersecurity strategy; and - A summary of any material cybersecurity incidents, including nature, impact and remediation. In the event of a material cybersecurity incident, communication to the Audit Committee of the Board of Directors occurs promptly, pursuant to our cybersecurity incident response plan.

Company Information