Page last updated on March 5, 2026
Gevo, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-03-05 16:25:02 EST.
Filings
10-K filed on 2026-03-05
Gevo, Inc. filed a 10-K at 2026-03-05 16:25:02 EST
Accession Number: 0001392380-26-000006
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity We have an information security program designed to identify, protect, detect and respond to and manage reasonably foreseeable cybersecurity risks and threats. To protect our information systems from cybersecurity threats, we use various security tools that help prevent, identify, escalate, investigate, resolve and recover from identified vulnerabilities and security incidents in a timely manner. These include, but are not limited to, internal reporting, monitoring and detection tools. We regularly assess risks from cybersecurity and technology threats and monitor our information systems for potential vulnerabilities. To evaluate and prioritize risks, we rely on industry-standard models such as widely adopted risk quantification frameworks like NIST, which help us to identify, measure and prioritize cybersecurity and technology risks and develop related security controls and safeguards. We conduct regular reviews and tests of our information security program and also leverage other exercises ( e.g. , penetration and vulnerability testing) to evaluate the effectiveness of our information security program and improve our security measures and planning. While we have not, as of the date of this Form 10-K, experienced a cybersecurity threat or incident that resulted in a material adverse impact to our business or operations, there can be no guarantee that we will not experience such an incident in the future. Such incidents, whether or not successful, could result in our incurring significant costs related to, for example, rebuilding our internal systems, implementing additional threat protection measures, defending against litigation, responding to regulatory inquiries or actions, paying damages, providing customers with incentives to maintain a business relationship with us, or taking other remedial steps with respect to third parties, as well as incurring significant reputational harm. We also recognize that the dynamic and evolving nature of cybersecurity threats requires a proactive and adaptive approach to our defenses, continuously assessing and enhancing our tools and strategies. Our Chief of Staff oversees our information security program, which provides greater alignment of IT initiatives with enterprise-wide risk management strategies. This dual focus on technology and organizational resilience leverages her expertise in managing complex, interconnected risks at the nexus of people and systems. Team members who support our information security program have relevant educational and industry experience. The team provides regular reports to senior management on various cybersecurity threats, assessments and findings . The Board oversees our enterprise risk assessment, where key risks within the company are assessed, including security and technology risks and cybersecurity threats. The Audit Committee oversees our cybersecurity risk, receives regular reports from our Chief of Staff on various cybersecurity matters, including risk assessments, mitigation strategies, areas of emerging risks, incidents and industry trends, other areas of importance and provides further reporting on these topics to the Board .
Company Information
| Name | Gevo, Inc. |
| CIK | 0001392380 |
| SIC Description | Industrial Organic Chemicals |
| Ticker | GEVO - Nasdaq |
| Website | |
| Category | Non-accelerated filer Smaller reporting company |
| Fiscal Year End | December 31 |