Ambiq Micro, Inc. 10-K Cybersecurity GRC - 2026-03-05

Page last updated on March 5, 2026

Ambiq Micro, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-03-05 16:17:35 EST.

Filings

10-K filed on 2026-03-05

Ambiq Micro, Inc. filed a 10-K at 2026-03-05 16:17:35 EST
Accession Number: 0001193125-26-094004

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy We have implemented and maintain various information security policies and processes designed to identify, assess, and mitigate cybersecurity risks. These policies and processes are intended to protect the confidentiality, integrity, and availability of our critical information systems and our critical data, including intellectual property and confidential information that is proprietary, strategic, or competitive in nature ("Information Systems and Data"). Our information security function and engineering operations team identifies and assesses risks from cybersecurity threats by monitoring and evaluating our threat environment using various methods appropriate to our operations including, for example, manual tools and automated tools, analyzing reports of threats and actors, conducting scans of the threat environment, evaluating threats reported to us, engaging in audits, engaging third parties to conduct threat assessments, and conducting vulnerability assessments. Depending on the environment, we implement and maintain various technical, physical, and organizational measures and procedures designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including, for example, incident detection and response, disaster recovery/business continuity plans, risk assessments, encryption of data, network security controls, access controls, physical security, asset management, tracking and disposal, systems monitoring, employee training, and cybersecurity insurance. We use third-party service providers to assist us from time to time to identify, assess, and manage material risks from cybersecurity threats, including for example, cybersecurity software providers. Additionally, we use third-party service providers to perform a variety of functions throughout our business, such as application providers, hosting companies, contract research organizations, contract manufacturing organizations, distributors, and supply chain resources. We have vendor management processes 41 to manage cybersecurity risks associated with certain of these providers. Depending on the nature of the services provided, the sensitivity of the Information Systems and Data at issue, and the identity of the provider, our vendor management process may involve different levels of assessment designed to help identify cybersecurity risks associated with a provider and impose contractual obligations related to cybersecurity on the provider. We also maintain risk-based processes to assess and review the cybersecurity practices of certain of our third-party vendors and services providers prior to onboarding, including through review of System and Organization (SOC) reports provided by potential vendors and the inclusion of security requirements in contracts, as appropriate. Employees are required to complete regular cybersecurity awareness training designed to raise awareness of cybersecurity threats. For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our risk factors under Part I. Item 1A. Risk Factors in this Annual Report on Form 10-K, including "If our information technology systems or data, or those of third parties, such as vendors and suppliers, with whom we work, are or were compromised, we could experience adverse consequences resulting from such compromise, including but not limited to regulatory investigations or actions; litigation; fines and penalties; disruptions of our business operations; reputational harm; loss of revenue or profits; loss of customers or sales; and other adverse consequences." Governance Related to Cybersecurity Risks Our board of directors ("Board") addresses our cybersecurity risk management as part of its general oversight function. The Board is responsible for overseeing our cybersecurity risk management processes, including oversight of mitigation of risks from cybersecurity threats. Our cybersecurity risk assessment and management processes are implemented and maintained by certain Company management, including our Engineering Advisor who oversees IT and information security, in connection with our IT personnel. The Engineering Advisor is responsible for day-to-day implementation, management and evaluation of our cybersecurity risk assessment and management processes. This team has primary responsibility for our overall cybersecurity risk management program, including monitoring the detection, prevention, mitigation, and remediation of cybersecurity incidents, and works in partnership with our other business leaders, including our executive management team. The Engineering Advisor supervises both our internal cybersecurity personnel and any retained external cybersecurity consultants. Our cybersecurity incident response processes are designed to escalate certain cybersecurity incidents to members of management depending on the circumstances, including the Engineering Advisor. The Engineering Advisor works with the Company's incident response team to help the Company mitigate and remediate cybersecurity incidents of which they are notified. In addition, the Company's incident response processes include reporting to the audit of the board of directors for certain cybersecurity incidents. The Board receives periodic reports from our IT function, including our Engineering Advisor, concerning the Company's significant cybersecurity threats and risk and the processes the Company has implemented to address them. The Board also has access to various reports, summaries or presentations related to cybersecurity threats, risk and mitigation.

Company Information