MICROVISION, INC. 10-K Cybersecurity GRC - 2026-03-04

Page last updated on March 4, 2026

MICROVISION, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-03-04 17:20:52 EST.

Filings

10-K filed on 2026-03-04

MICROVISION, INC. filed a 10-K at 2026-03-04 17:20:52 EST
Accession Number: 0001493152-26-008898

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy Our Cybersecurity Processes We continue to strengthen our cybersecurity measures to safeguard our information systems based on industry standards. Our measures include policies to promote internal compliance by our employees, policies and procedures to regularly evaluate the security of our information systems and implementation of third-party products, including intrusion prevention and detection solutions, multifactor identification and anti-virus software, to help detect and protect against potential cybersecurity threats. We educate our staff on cybersecurity matters with periodic risk awareness information, phishing awareness campaigns, and training materials. Moreover, given the rapid growth of our global operations due to recent acquisitions, and our expectations for near- and long-term strategic growth, our Information Technology, or IT, team is prioritizing enhancements to our response system and continuity plans. A key dimension to the security and effectiveness of our information system is our compliance with standards that are unique to the industries in which we operate. For instance, it is critical that our information system achieves TISAX compliance. Established by the German Association of the Automotive Industry, Trusted Information Security Assessment Exchange, or TISAX, is a globally recognized assessment and exchange mechanism for information security in the automotive industry. Automotive OEMs rely on the TISAX label to ensure that suppliers and partners have a solid information security management system in place. Our German subsidiary completed the TISAX assessment and became registered as a TISAX participant in April 2025. To successfully complete the TISAX assessment process in our U.S. operations, we are actively evaluating our cybersecurity measures and seeking enhancements, including engaging a third-party auditor and global standardization of our cybersecurity training program, to ensure a comprehensive and robust system. We evaluate our third-party information system providers, as well as any other provider that may have access to our data, for their maturity and reliability, and as a matter of policy we choose to only work with reputable vendors. Risks from Cybersecurity Threats We have not encountered cybersecurity incidents that have materially affected or are reasonably likely to materially affect us, including our operations or financial condition. A cybersecurity incident could be deemed to have a material impact on our operations if it caused a disruption to our ability to function as a global organization, including the interruption of our internal and external communications, public reporting, or management of our operations. Refer to "Item 1A. Risk Factors" in this annual report on Form 10-K, including "Our operations could be adversely impacted by information technology system failures, network disruptions, or cybersecurity breaches," for additional discussion about cybersecurity-related risks. Governance Board of Directors and Audit Committee With delegated authority from our Board of Directors and in accordance with its charter, our Audit Committee is charged with the oversight of enterprise risk, including risk related to cybersecurity threats. Our Audit Committee Chair is expected to report regularly to our Board of Directors about our Audit Committee's oversight of enterprise risk. Our Audit Committee Chair reports quarterly to our Board of Directors specifically about our cybersecurity incident management and governance. Management reports quarterly to our Audit Committee on cybersecurity, including initiatives and strategies, and incident reporting and any lessons learned. From time to time, management will also engage in informal discussions with members of the Audit Committee about our cybersecurity practices and risks, including informing our Audit Committee Chair in a timely manner about any cybersecurity incidents that management determines may have a significant impact on our operations or that may trigger any reporting obligations. Our Audit Committee will conduct an annual review of our cybersecurity measures and the effectiveness of our risk management strategies. 21 Management Stephen Hrynewich joined MicroVision in 2023 and was named as our Interim Chief Financial Officer in December 2025. He is an experienced risk management professional and currently oversees the Company's accounting and finance strategies, including risk management. Mr. Hrynewich also oversees our IT team and, with regular communication with the team, is responsible for approving the IT budget, hiring of IT personnel, including third-party consultants, and, along with our General Counsel, approving cybersecurity processes and other cybersecurity-related matters. Although we do not currently employ a chief information security officer, we are working with an outside consulting firm that is serving in this role and assisting our internal team with the primary responsibility of overseeing our cybersecurity measures and risks. The day-to-day responsibility for assessing, monitoring and managing our cybersecurity risks resides with our IT team, with supervision from our General Counsel. Across the IT team we have a dedicated cybersecurity analyst as well as employees who have in-depth knowledge and decades of cybersecurity industry experience, including prior experience with developing and overseeing cybersecurity polices and processes for companies required to comply with NIST SP800-171, cybersecurity standards for companies that store sensitive unclassified information on behalf of the United States government, and experience with TISAX compliance. Yet, we recognize the evolving and increasing threat that cybersecurity will have on our operations. As part of our long-term growth strategy, we expect to build out our dedicated cybersecurity team to oversee our cybersecurity risk management. The IT Team Director regularly meets with the General Counsel and Chief Financial Officer and, as appropriate, the Chief Executive Officer to discuss cybersecurity risks. This ensures that management is informed about our current cybersecurity measures and aware of any potential risks facing our operations. In the event of a cybersecurity incident, we have put in place a reporting structure to inform the General Counsel, Chief Financial Officer, and Chief Executive Officer promptly of any incident so that they may assess the appropriate response to the incident and any reporting concerns that may be triggered by the incident.

Company Information