Circle Internet Group, Inc. 10-K Item 1C. Cybersecurity - 2026-03-09
Circle Internet Group, Inc. disclosed its cybersecurity strategy, risk management and governance process in an annual SEC 10-K filing on 2026-03-09 08:36:51 EDT.
Company Summary
Circle Internet Group operates a full-stack internet financial platform anchored by its payment stablecoins (USDC, EURC) and related services, providing blockchain infrastructure (Arc), developer tools, minting and liquidity services (Circle Mint, xReserve), and applications for institutional payments and FX (CPN, StableFX).
Filings
10-K filed on 2026-03-09
Circle Internet Group, Inc. filed an SEC 10-K filing on 2026-03-09 08:36:51 EDT.
Accession Number: 0001876042-26-000062
Item 1C. Cybersecurity
Risk Management and Strategy
Cybersecurity is an integral part of our enterprise risk management framework. As a global technology and financial services company operating internet and blockchain-native platforms, we face evolving cybersecurity threats that could impact the confidentiality, integrity, and availability of our systems and data. We have implemented a comprehensive information security program designed to identify, assess, and manage cybersecurity risks, protect critical systems and customer information, detect and respond to cybersecurity incidents, and support timely recovery. Our cybersecurity program is informed by the National Institute of Standards and Technology ("NIST") Cybersecurity Framework and is designed to adapt to changes in our business, technology environment, and threat landscape.
Our cybersecurity risk management processes include enterprise-wide risk assessments, threat intelligence, vulnerability management, third-party risk management, and business continuity and disaster recovery planning. We maintain policies, standards, and procedures addressing areas such as access controls, data protection, incident response, system monitoring, and vendor security. We also conduct ongoing employee training and awareness programs and perform regular testing of our controls through internal reviews, independent audits, and third-party assessments. Cybersecurity incidents are evaluated based on severity and potential impact, escalated as appropriate, and addressed through established incident response and remediation processes.
Governance Framework
Governance and oversight of cybersecurity risk are provided at both the management and board levels. Our cybersecurity program is led by our Chief Security Officer ("CSO"), who is supported by a dedicated cybersecurity organization and works closely with our risk management, compliance, and legal teams. Management-level risk committees regularly review cybersecurity risks, incidents, and program enhancements, and material cybersecurity matters are reported to executive management and the Board of Directors, including through the Board's Audit and Risk Committees.
To date, we have not experienced a cybersecurity incident that has materially affected, or is reasonably likely to materially affect, our business strategy, results of operations, or financial condition. However, we recognize that cybersecurity threats are pervasive and continue to invest in and enhance our cybersecurity capabilities to mitigate these risks.
While all of our employees play a part in information security, cybersecurity, and data privacy, oversight responsibility is shared by the Board, its committees, and management, as further highlighted below.
| Responsible Party | Oversight Area for Cybersecurity and Privacy Matters |
|---|---|
| Board of Directors | Provides ultimate oversight of cybersecurity risk as part of enterprise risk management; receives regular updates on cybersecurity risks, incidents, and program effectiveness; oversees management's approach to identifying, assessing, and mitigating cybersecurity risks aligned with the NIST Cybersecurity Framework. |
| Audit Committee | Oversees cybersecurity risks related to financial reporting, internal controls, and audit processes; receives updates on cybersecurity controls, monitoring, and testing, including findings from internal audit, external audits, and third-party assessments; reviews cybersecurity matters that could impact financial reporting or disclosure obligations. |
| Risk Committee | Oversees cybersecurity as a component of the enterprise risk management framework; monitors cybersecurity risk exposure, risk appetite, and mitigation strategies; reviews emerging threats, significant incidents, and management's remediation efforts through regular reporting from management and internal risk committees. |
| Disclosure Committee | Oversees the identification and escalation of cybersecurity risks and incidents that may be relevant to public disclosures; evaluates, in coordination with management, whether cybersecurity matters require disclosure in periodic reports or other filings; helps ensure cybersecurity disclosures are accurate, consistent, and timely. |
| Management (including CSO) | Responsible for day-to-day operation of the cybersecurity program; establishes and maintains policies, standards, and procedures aligned with NIST; conducts risk assessments, threat intelligence, and third-party risk management; oversees incident detection, response, and recovery; reports cybersecurity risks, incidents, and program enhancements to senior management, the Board, and its committees through established governance and escalation processes. |
Company
Profile
| Name | Circle Internet Group, Inc. |
|---|---|
| CIK | 1876042 |
| SIC Description | |
| Industry | |
| Ticker | CRCL |
| Website | |
| Category | Non-accelerated Filer |
| Fiscal Year End | December 31 |