BKV Corp 10-K Cybersecurity GRC - 2026-03-06

Page last updated on March 6, 2026

BKV Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-03-06 16:44:10 EST.

Filings

10-K filed on 2026-03-06

BKV Corp filed a 10-K at 2026-03-06 16:44:10 EST
Accession Number: 0001628280-26-015661

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Our processes are designed to identify, assess, and manage cybersecurity risks that could be material to the Company, including risks that could compromise sensitive information, disrupt data or systems, or jeopardize the security of facilities and infrastructure, including third-party processing plants and pipelines. Managing Material Risks & Integrated Overall Risk Management We have strategically integrated cybersecurity risk management into our broader enterprise risk management framework to promote a company-wide culture of cyber risk awareness. Our cybersecurity risk management program is supported by a senior technology advisor and the Senior Director of Cybersecurity who work closely with our information technology ("IT") department to continuously evaluate and address cybersecurity risks in alignment with business objectives, operational needs, and industry-accepted standards, such as the Center for Internet Security (CIS) Critical Security Controls, National Institute of Standards and Technology (NIST) frameworks, and the North American Electric Reliability Corporation (NERC) standards. We have processes and procedures in place to monitor the prevention, detection, mitigation, and remediation of cybersecurity risks. These include but are not limited to: - Maintaining and regularly updating a defined and practiced incident response plan ("IRP"); - Maintaining cyber insurance coverage; - Employing appropriate incident prevention and detection software, such as antivirus, anti-malware, firewall, endpoint detection, and identity and access management; - Executing scheduled, recurring server and infrastructure vulnerability management and patching processes; - Maintaining a defined disaster recovery policy with backup/disaster recovery software; - Educating, training, and testing employees on information security practices and identification of potential cybersecurity risks and threats; and - Ensuring familiarity and compliance with cybersecurity frameworks. Engaging Third Parties on Risk Management Recognizing the complexity and evolving nature of cybersecurity risk, we engage with external experts, including, but not limited to, the Cybersecurity Operations Center ("CSOC") team to evaluate, monitor, and test our cyber management systems, and to respond to cyber risks. Our third-party CSOC team provides 24-hour monitoring to detect and respond to suspicious activity in real time. Our collaboration with third parties includes audits, threat and vulnerability assessments, IRP testing, company-wide monitoring of cybersecurity risks, and consultation on security enhancements. Third-party experts have assisted us in conducting cross-functional tabletop exercises, IT and operational technology network penetration assessments, and periodically scheduled cybersecurity risk discussions to develop comprehensive identified vulnerability remediation plans. Managing Third Party Risk Our cybersecurity approach assesses and manages the risks associated with the use of vendors, service providers, and other third parties that provide information system services, process information on our behalf, or have access to our information systems. BKV maintains ongoing monitoring to support continuous compliance with our cybersecurity standards and requirements, and regularly updates and patches third-party applications and tools when vulnerabilities are discovered. Risks from Cybersecurity Incidents As of March 6, 2026, we have not experienced any material cybersecurity incidents and we are not aware of any cybersecurity risks that are reasonably likely to materially affect the Company, its operations, or financial standing. For additional information about cybersecurity risks associated with our business, see Item 1A, " Risk Factors ." Governance Risk Management Personnel We have an enterprise risk committee that includes our executive leadership team and other senior members within our legal, IT, finance and accounting, and operational departments, which oversees our operational, strategic, and corporate-level risks, including risk management. Our comprehensive cybersecurity risk management is led by a senior technology advisor, who brings over 40 years of extensive experience in information technology and over 35 years in the oil and gas industry leading large, complex global technology operating environments. The senior technology advisor works closely with executive management and the Senior Director of Cybersecurity to provide strategic oversight and guidance on cybersecurity risk management. The senior technology advisor and Senior Director of Cybersecurity, who brings over 30 years of cybersecurity and compliance experience in the oil and gas and mining industries as a Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA) in large complex global information technology operating environments, play key roles in assessing, monitoring, and managing the Company's cybersecurity risks. The senior technology advisor and Senior Director of Cybersecurity are supported by our IT department and CSOC. These stakeholders meet monthly to review the current risk trends, vulnerability and threat landscape, improvement programs, and an overall baseline scorecard over our cybersecurity risk. Our cybersecurity team continually conducts extensive reviews of our systems, networks, and data infrastructure to identify potential cybersecurity threats and vulnerabilities and implements systems and tools to remediate perceived risks. These tools are designed to prevent and detect activities or events that could pose a cybersecurity risk to our business and also enable the Company to quickly respond and recover from any potential cybersecurity event. Monitor Cybersecurity Incidents The senior technology advisor and Senior Director of Cybersecurity are continually informed and updated about the latest developments in cybersecurity, including emerging threats and innovative risk management techniques. Through the aid of the Company's CSOC, processes are implemented for 24/7/365 monitoring of our information systems and ongoing cybersecurity threat assessment. The deployment of advanced security measures, regular system audits to identify potential vulnerabilities, and periodic cyber assessment exercises support these programmatic efforts. In the event of a cybersecurity incident, the Company is equipped with a defined and practiced IRP. This plan includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents. Board of Director Oversight Our Audit & Risks Committee provides oversight of cybersecurity risk in connection with BKV's comprehensive cybersecurity strategy and receives regular quarterly updates on our ongoing assessment of cybersecurity risks, threats, and data security programs to prevent and detect breaches and attacks against us. The senior technology advisor and other experts , as necessary, provide the Audit & Risks Committee quarterly cybersecurity updates and risk discussions that encompass a broad range of topics, including but not limited to: - Current cybersecurity threat landscape and emerging threats; - Status of ongoing cybersecurity initiatives and strategies; - Incident reports and learnings from unique cybersecurity events, including those of other companies; - Compliance status and efforts with regulatory requirements and industry standards; and - Benchmarked data on the performance of certain aspects of our cybersecurity program relative to our peers. The Audit & Risks Committee meets quarterly to discuss areas that are potentially high risk to the Company.

Company Information