SharkNinja, Inc. 10-K Cybersecurity GRC - 2026-03-02

Page last updated on March 2, 2026

SharkNinja, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-03-02 16:05:30 EST.

Filings

10-K filed on 2026-03-02

SharkNinja, Inc. filed a 10-K at 2026-03-02 16:05:30 EST
Accession Number: 0001957132-26-000015

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy SharkNinja utilizes the National Institute of Standards and Technology ("NIST") Cybersecurity Framework ("CSF") as the foundation of the Company's commitment to effective cybersecurity risk management, which is integrated into our overall risk management processes . The NIST CSF is implemented across the organization to embed risk management processes that address critical information technology risk by applying its key functions for assessing, managing and mitigating cyber risks over time as follows: 1. Identify: The Enterprise Risk Committee of the Company, including the Chief Financial Officer, Chief Legal Officer, Chief Information Officer, Chief People Officer and Chief Operating Officer, identifies and prioritizes information assets, business processes, and systems critical to its operations and performs risk assessments to identify potential threats and vulnerabilities. 2. Protect: Measures are in place designed to safeguard information assets, including access controls, encryption, secure configurations and leading cybersecurity software and tools. Employee training programs promote awareness of real-world cyber-threats and adherence to cybersecurity policies. 3. Detect: The Company utilizes current technologies in an effort to detect and respond to cybersecurity events promptly. Monitoring and incident response plans are integral components of our cybersecurity posture and are supported by a third-party managed security services provider (MSSP) in addition to an internal security operations team. 4. Respond: In the event of a cybersecurity incident, the Company follows a defined incident response plan designed to contain, mitigate, evaluate and recover from the impact of cybersecurity incidents. The MSSP platform enables AI-based automated incident response capabilities that reduce time to contain cybersecurity events. Communication protocols are established to notify relevant stakeholders promptly. Third-party forensic investigation and legal firms augment the Incident Response Team to provide specialized services if needed. 5. Recover: The Company maintains comprehensive backup and recovery procedures to help ensure the timely restoration of information assets in the event of a cybersecurity incident. Lessons learned from incidents are used to enhance future resilience. We rely extensively on information technology ("IT") systems, networks and services, including internet sites, data hosting and processing facilities and tools and other hardware, software and technical applications and platforms, some of which are managed, hosted, provided and/or used by third parties or their vendors, to assist in conducting our business. Our IT systems have been, and will likely continue to be, subject to computer viruses or other malicious codes, unauthorized access attempts, phishing and other cyberattacks. We continue to assess potential threats and make investments seeking to address and prevent these threats, including monitoring of our networks and systems and upgrading skills, employee training and security policies for us and our third-party providers. However, because the techniques used in these cyberattacks change frequently and may be difficult to detect for periods of time, we may face difficulties in anticipating and implementing adequate preventative measures. To date, risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected and we do not believe are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition. Additional information about cybersecurity risks we face is discussed in "Item 1A. Risk Factors," which should be read in conjunction with the information in this Item 1C. SharkNinja performs third-party cybersecurity program risk assessments to evaluate key vendors' abilities to maintain ongoing operations that support the Company and to protect confidential information from unauthorized access. The Company evaluates risks and implements mitigation strategies with vendors when applicable. Contracts with vendors include provisions that govern effective cybersecurity program management and privacy requirements. 62 Cybersecurity Governance The Audit Committee of the Board of Directors provides oversight of the Company's cybersecurity program and receives regular updates on cyber-risks and risk mitigation strategies. This oversight includes understanding our business needs and associated risks and reviewing management's strategy and recommendations for managing cybersecurity and privacy risks. In line with this oversight responsibility, the Audit Committee receives regular updates on cyber-risks and risk mitigation strategies from management. Outside counsel and cybersecurity consultants support the Audit Committee in its oversight of the SharkNinja cybersecurity program. The VP, Global Security and Privacy, along with the Senior Director of Security Operations, Security Architect, and Director of Governance, Risk and Compliance, oversees program planning, operations, training and continuous improvement including: 1. Cyber-risks are reported and monitored through the Enterprise Risk Management program with oversight by the Enterprise Risk Committee. 2. Periodic third-party cybersecurity threat modeling and maturity assessment designed to identify likely threat actors and attack techniques and the Company's ability that mitigate likely threats. 3. Annual Cybersecurity Strategic Plan and roadmap designed to align cybersecurity budget investments and program enhancements with corporate initiatives and growth goals. 4. Policies and standards that govern the cybersecurity program and the use of technology assets by SharkNinja associates. 5. Cybersecurity awareness training at time of onboarding and annually for all associates, email phishing simulations and ongoing communications to inform associates of current threats and attack techniques. 6. Frequent vulnerability scanning, cloud configuration monitoring and security tests to identify and reduce risk exposure of critical assets. 7. Annual incident response plan preparedness assessment led by outside consultants to evaluate the Company's ability to effectively respond to a cybersecurity incident. Collectively, the team has 50 plus years of experience and holds industry certifications including ISACA Certified Information Security Manager. Additionally, a Cybersecurity & Privacy Steering Committee consisting of our Chief Information Officer, Chief Legal Officer and Chief Financial Officer meets periodically and is apprised of key risks .
Item 1C. SharkNinja performs third-party cybersecurity program risk assessments to evaluate key vendors' abilities to maintain ongoing operations that support the Company and to protect confidential information from unauthorized access. The Company evaluates risks and implements mitigation strategies with vendors when applicable. Contracts with vendors include provisions that govern effective cybersecurity program management and privacy requirements. 62 Cybersecurity Governance The Audit Committee of the Board of Directors provides oversight of the Company's cybersecurity program and receives regular updates on cyber-risks and risk mitigation strategies. This oversight includes understanding our business needs and associated risks and reviewing management's strategy and recommendations for managing cybersecurity and privacy risks. In line with this oversight responsibility, the Audit Committee receives regular updates on cyber-risks and risk mitigation strategies from management. Outside counsel and cybersecurity consultants support the Audit Committee in its oversight of the SharkNinja cybersecurity program. The VP, Global Security and Privacy, along with the Senior Director of Security Operations, Security Architect, and Director of Governance, Risk and Compliance, oversees program planning, operations, training and continuous improvement including: 1. Cyber-risks are reported and monitored through the Enterprise Risk Management program with oversight by the Enterprise Risk Committee. 2. Periodic third-party cybersecurity threat modeling and maturity assessment designed to identify likely threat actors and attack techniques and the Company's ability that mitigate likely threats. 3. Annual Cybersecurity Strategic Plan and roadmap designed to align cybersecurity budget investments and program enhancements with corporate initiatives and growth goals. 4. Policies and standards that govern the cybersecurity program and the use of technology assets by SharkNinja associates. 5. Cybersecurity awareness training at time of onboarding and annually for all associates, email phishing simulations and ongoing communications to inform associates of current threats and attack techniques. 6. Frequent vulnerability scanning, cloud configuration monitoring and security tests to identify and reduce risk exposure of critical assets. 7. Annual incident response plan preparedness assessment led by outside consultants to evaluate the Company's ability to effectively respond to a cybersecurity incident. Collectively, the team has 50 plus years of experience and holds industry certifications including ISACA Certified Information Security Manager. Additionally, a Cybersecurity & Privacy Steering Committee consisting of our Chief Information Officer, Chief Legal Officer and Chief Financial Officer meets periodically and is apprised of key risks .

Company Information