EchoStar CORP 10-K Cybersecurity GRC - 2026-03-02

Page last updated on March 2, 2026

EchoStar CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-03-02 06:04:50 EST.

Filings

10-K filed on 2026-03-02

EchoStar CORP filed a 10-K at 2026-03-02 06:04:50 EST
Accession Number: 0001104659-26-021817

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY We recognize the importance of assessing, identifying, reviewing and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things: operational and legal risks including intellectual property theft or loss, fraud, extortion, harm to employees or customers and violation of data privacy or security regulation. Our framework is informed in part by the National Institute of Standards and Technology (NIST) Cybersecurity Framework, although this does not imply that we meet all requirements under NIST. We have a cybersecurity security program designed to identify, detect, and respond to threats and vulnerabilities, and protect the enterprise and respond and recover from cybersecurity events and incidents when they do occur. Our cybersecurity risk management program contributes significantly to the overall resilience and integrity of our business by, among other things, integrating the risk identification process in all major company initiatives and deployment processes, implementing a unified approach to managing both digital and traditional business risks, making continuous improvements and regularly reporting to management and the Board of Directors as a whole to ensure senior-level visibility. We regularly assess risks from cybersecurity and technology threats and monitor our information systems for potential vulnerabilities. We and certain third parties conduct regular reviews and tests of our information security program and also leverage, among other things, audits, tabletop exercises, penetration and vulnerability testing, cybersecurity maturity assessments, simulations and other exercises to evaluate the effectiveness of our information security program and improve our security measures and planning. In addition, we evaluate third-party risks and perform third-party risk management to assess, identify and mitigate risks from third parties such as vendors, suppliers and other business partners. We have experienced cyber-attacks and other malicious activities that disrupted our business in the past. Any future failure or disruption of our information technology infrastructure and communications systems or those of third parties that we use in our operations could harm our business in the future. We describe if and how risks from identified cybersecurity threats, including, but not limited to, as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us , including our business strategy, results of operations or financial condition included as part of our risk factor disclosures at Item 1A of this Annual Report on Form 10-K. The Chief Information Security Officer (" CISO ") leads our information security organization responsible for overseeing our information security program. Our CISO has over 25 years of experience in various roles involving information security, including risk management and security leadership. Team members who support our information security program have relevant education, professional certifications and industry experience, including but not limited to, holding similar positions at large enterprises. The Cybersecurity team provides regular briefings, no less frequently than monthly, to senior management and other relevant teams on preparation for and, where possible prevention of cybersecurity incidents. These briefings involve risk remediation measures that should be taken to decrease, among other things, the likelihood and severability of incidents and to mitigate and manage their effects. The senior management and other members of management receive detailed updates on cybersecurity risks on a regular basis, no less frequently than monthly, or when significant risks or incidents are identified. These briefings enable the management team to, among other things, stay informed of the latest threats, assess the effectiveness of current security measures and make timely decisions on strategic security initiatives. In addition, the Board of Directors is regularly briefed, no less frequently than quarterly, on cybersecurity risks as part of its oversight functions and to ensure that cybersecurity practices align with the company's overall risk management framework and business objectives. We anticipate that we will continue to evaluate and address as needed our cybersecurity risk management, policies, structure, strategies and governance in order to meet our needs as the cybersecurity threat landscape evolves.

Company Information