National Energy Services Reunited Corp. 10-K Cybersecurity GRC - 2026-03-06

Page last updated on March 6, 2026

National Energy Services Reunited Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-03-06 16:06:31 EST.

Filings

10-K filed on 2026-03-06

National Energy Services Reunited Corp. filed a 10-K at 2026-03-06 16:06:31 EST
Accession Number: 0001493152-26-009139

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy As a leading provider of oilfield services across diverse and often challenging environments, NESR recognizes that secure and reliable access to operational technology, field communications networks, and proprietary customer data is essential to maintaining safe, efficient, and uninterrupted operations. We have implemented a comprehensive Cybersecurity Risk Management Program designed to protect the confidentiality, integrity, and availability of our information systems and digital assets. This program covers all aspects of our operations, including corporate information technology ("IT") systems, field-based digital infrastructure, remote monitoring platforms, and customer-facing digital applications . We apply a layered defense approach that combines technical, administrative, and physical controls to prevent, detect, and respond to cyber threats. These controls include network security measures, endpoint protection, multi-factor authentication, encryption, access management, and continuous monitoring supported by incident detection and response capabilities. We are committed to protecting the privacy and confidentiality of information entrusted to us by our customers, clients, vendors, and suppliers. Our cybersecurity and data protection controls are designed to safeguard sensitive and proprietary data throughout its lifecycle, from collection and transmission to storage and disposal. We implement strict access controls, data handling procedures, and confidentiality obligations to help ensure that such information is used solely for legitimate business purposes and remains protected against unauthorized access, disclosure, or misuse. We also enforce device compliance through centralized endpoint management tools to ensure that only authorized and secure devices can access company systems and data. These measures strengthen control over configurations, software updates, and data protection across all connected devices. Advanced email security systems and phishing detection tools are deployed to protect against social engineering and email-borne threats. Given the nature of our field operations, which often take place in remote and complex environments, NESR has implemented enhanced cybersecurity procedures to help safeguard its operational systems and digital infrastructure from unauthorized access or disruption. We conduct regular vulnerability assessments, penetration testing, and simulation exercises, often with independent experts, to evaluate the resilience of our IT environments and to strengthen defenses where necessary. Cybersecurity awareness is a core element of our defense strategy. All employees receive periodic cybersecurity training and simulated phishing exercises to reinforce security awareness, data protection, and incident-reporting responsibilities. Targeted training is provided to personnel with elevated access to sensitive systems or information. We also maintain cybersecurity insurance to mitigate potential financial losses associated with certain types of incidents, however, such coverage may not fully offset all costs, operational impacts, or reputational effects that could result from a cybersecurity event. 36 Governance Cybersecurity risk management is an integral component of NESR's overall governance and risk oversight structure. The Board of Directors oversees cybersecurity as part of its broader oversight responsibilities, while the Audit Committee holds primary responsibility for cybersecurity matters . The Audit Committee receives periodic updates from management on cybersecurity risks, threat trends, and the effectiveness of control measures. Our Head of Information Technology ("Head of IT") leads the Company's global information security program and has more than 15 years of experience in cybersecurity and industrial control system security. The Head of IT reports to our CFO, who provides quarterly updates to the broader executive management team and the Audit Committee , as well as our Vice President of Operations . The IT organization collaborates closely with executive management, field operations and technical teams, functional leadership, business segment directors, compliance, and HSE to ensure coordinated risk identification, mitigation, and response across the enterprise. Incident Response and Monitoring NESR maintains a formally documented and regularly tested Incident Response Plan that defines clear procedures for identifying, containing, investigating, and remediating cybersecurity incidents. The plan includes coordination with external specialists, law enforcement authorities, and regulators when appropriate. For the fiscal year ended December 31, 2025, NESR did not experience any cybersecurity incidents that materially affected, or are reasonably likely to materially affect, its business strategy, results of operations, or financial condition. Nonetheless, as is typical within the energy services sector, NESR continues to be the target of attempts by malicious actors seeking unauthorized access to systems or data. The Company continuously monitors these threats and enhances its cybersecurity posture as needed. Third-Party and Supply Chain Risk Management NESR's operations rely on a global network of suppliers, contractors, and technology service providers. We manage cybersecurity risks associated with these third parties through a Vendor Risk Management Program that includes due diligence, contractual requirements for data protection and breach notification, and ongoing monitoring of cybersecurity performance. NESR requires critical vendors to maintain appropriate cybersecurity controls and to promptly notify the Company of any incidents that could impact NESR's systems, operations, or data.

Company Information