Slide Insurance Holdings, Inc. 10-K Cybersecurity GRC - 2026-02-27

Page last updated on March 2, 2026

Slide Insurance Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-27 17:34:28 EST.

Filings

10-K filed on 2026-02-27

Slide Insurance Holdings, Inc. filed a 10-K at 2026-02-27 17:34:28 EST
Accession Number: 0001193125-26-083277

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. We rely on digital technology to conduct our businesses and interact with customers, policyholders, agents, and vendors. With this reliance on technology comes the associated security risks from using today's communication technology and networks. Risk Management and Strategy The goal of our cybersecurity risk management strategy is to protect the privacy, integrity, and availability of our critical systems and information. Our processes identify, assess, and manage material risk from cybersecurity threats as part of our entity-wide risk management efforts. To safeguard our data and the data of our customers, management utilizes a multi-layered approach consisting first of an external security operations center company that specializes in the detection and containment of cyber-attacks. For protection of endpoint devices connected to our network, we use the tailored security software of a third-party consultant company for managed detection and response. Perimeter defense technology is used to filter e-mail for threats from malware viruses and e-mail phishing attempts. We also detect threats through the use of our firewalls that monitor incoming and outgoing network traffic. Tools utilized to prevent threats include multifactor authentication, e-mail security services, mobile e-mail security policies, virtual private networks, third-party security experts, and timely applied software patches, among others. We engage in annual penetration testing, disaster recovery testing, internal and external audits of our cybersecurity controls and simulated cyberattack scenarios to gauge our preparedness for these situations. In addition, employees are required to pass a mandatory cybersecurity training course annually and receive periodic phishing simulations to facilitate recognizing phishing attempts. We carry cyber insurance which provides us access to relevant security expertise. Management of cybersecurity also extends to third-party service providers we use for specialized purposes such as payroll processing, investment tracking, regulatory financial reporting, and equity compensation plan administration. Our communication with these providers is protected by the safeguards within our security operation center. We respond to cybersecurity events in accordance with our Slide Incident Response Plan (IRP), which defines procedures for incident logging, assessment, investigation, response, mitigation, and required regulatory reporting to minimize business impact. This follows the guidance of the National Institute of Standards and Technology Cybersecurity Framework and provides for assessment, mitigation, and if necessary, remediation of any effects of a system breach. We also conduct annual breach simulations with internal information technology teams to test each step of our IRP. There have been no cybersecurity incidents in the past that have materially affected the Company's business strategy, results of operations, or financial condition. Although we believe our defenses against cyber-intrusions are sufficient, we continue to update our prevention programs to respond to sophisticated and rapidly evolving attempts to overcome our security 53 measures. Such continuing threats could have a variety of adverse business impacts. See Item 1A - "Risk Factors" above for additional information on risks to our business from cybersecurity incidents and related matters. Governance Cybersecurity is a critical component of our overall risk management process. Our Board of Directors oversees our cybersecurity efforts as delegated to and performed by senior management which is responsible for the identification and assessment of material risks from cybersecurity incidents. The members of management responsible for managing cybersecurity threats are the Company's Chief Information Officer ("CIO") and, Chief Information Security Officer ("CISO") . The CIO and CISO have over 20 years of experience in managing information systems including the defense of computer networks against cyber intrusions. These members of management are informed about and monitor the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above, including the operation of our incident response plan. The CISO, in particular, is dedicated to overseeing our multi-layered cybersecurity defenses and leads periodic security meetings. Our Board receives periodic reports from management on cybersecurity risks and any material cybersecurity incidents .

Company Information