Drilling Tools International Corp 10-K Cybersecurity GRC - 2026-03-06

Page last updated on March 6, 2026

Drilling Tools International Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-03-06 13:31:14 EST.

Filings

10-K filed on 2026-03-06

Drilling Tools International Corp filed a 10-K at 2026-03-06 13:31:14 EST
Accession Number: 0001193125-26-095973

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Identification and Management The Company has a cybersecurity Risk Management Policy in place that governs the life cycle in which cybersecurity risks, including: - Risk Identification: through various initiatives performed, including, annual assessments, penetration tests, Incident Response tabletop exercises, vulnerability scans, system monitoring activities, and cybersecurity reviews of critical third-party vendor engagements, etc. - Risk Evaluation & Treatment: Identified issues, vulnerabilities, and exposures are captured within the Company's Risk Register, which is updated periodically to reflect the most up to date treatment option selected by the Risk Owners. - Risk Reporting and Ongoing Management: Potentially material risks are shared as part of a monthly Cybersecurity Governance Forum, that's attended by leadership. Risk Mitigations are tracked to completion through various project updates. 23 The foundation of the Company's cybersecurity framework is based on written policies that govern different process areas. Risks are identified through various processes that employees perform through their daily operations and are mitigated, managed and/or governed through these established processes. The Company is not aware of any cybersecurity risks that have materially affected or are reasonably likely to materially affect the Company's business strategy, results of operations or financial condition. However, the Company cannot provide assurance that the Company will not be materially affected in the future by such risks or any future material incidents. Leveraging the Company's Cybersecurity Risk Management & Governance process, it has identified cybersecurity risk factors that are inherent to the Company's business and industry. The risk factors discussed in this section should be considered together with information included elsewhere in this Annual Report on Form 10-K and should not be considered the only risks to which the Company is exposed. Additionally, mitigation of these risk factors is tracked by management as part of the Cybersecurity Maturity Roadmap. - Disruptions in the Company's supply chain could result in an adverse impact on results of operations. - Network compromise or equipment sabotage could impact the operations of the manufacturing or distribution sites which could impact the revenue. - Cybersecurity incidents, including breaches of confidential information, sensitive data, personal information, or intellectual property could damage the Company's reputation, disrupt operations, increase costs, and impact revenues. - Nation state attacks due to current geopolitical and economic climate could impact oil and gas industry. Engagement of Third Parties The Company uses an IT Managed Service Provider in conjunction with a Cybersecurity Advisory firm to perform various functions, guiding the Company's cybersecurity posture, and providing ongoing support to the Company's cybersecurity program. The Company has Incident Response retainer services that can be leveraged, when needed. The Company uses a cybersecurity advisory firm to conduct annual risk assessments and penetration tests. Use Of Service Providers As part of its cybersecurity risk-management program, the Company has processes designed to identify and oversee cybersecurity risks related to third-party service providers, including risk-based diligence prior to engagement, the use of contractual information-security protections where appropriate, and ongoing monitoring of material vendor relationships. Board Oversight of Cybersecurity Matters The cybersecurity dashboard with roadmap progress is shared with the board of directors regularly, which includes actions completed and any topics that need board awareness / sponsorship such as approval of budgets which include cyber security project initiatives. An in-depth update regarding cyber security is discussed during quarterly meetings with the Audit Committee. The Audit Committee is ultimately responsible for overseeing management's execution of the Company's cybersecurity risk management program. The Chief Financial Officer (CFO) and designees are responsible for reviewing and approving the Cybersecurity Risk Management processes, or exceptions to such processes. External Counsel is consulted on legal matters related to Cybersecurity Risk or Incident Management as deemed necessary by leadership. Additionally, the Cybersecurity Risk Committee holds periodic Cybersecurity Governance Forums, in which detailed cybersecurity program updates and metrics are reported. 24 The Company's Chief Financial Officer and VP of Finance are responsible for the oversight and communication of cybersecurity threats and risks to the Company's Board of Directors . They meet regularly with the Board of Directors where a Cybersecurity roadmap progress is shared with the board. The management team members responsible for overseeing cybersecurity risk have relevant experience in information technology, data security, and enterprise risk management gained through their professional roles, including overseeing third-party service providers and implementing policies and controls designed to manage technology-related risks.

Company Information