NOVAGOLD RESOURCES INC 10-K Cybersecurity GRC - 2025-01-23

Page last updated on January 23, 2025

NOVAGOLD RESOURCES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-01-23 08:01:02 EST.

Filings

10-K filed on 2025-01-23

NOVAGOLD RESOURCES INC filed a 10-K at 2025-01-23 08:01:02 EST
Accession Number: 0001171843-25-000387

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy The Company utilizes a sophisticated network monitoring service as a first line of defense to identify, assess, manage, mitigate and respond to cybersecurity threats, which is supplemented by employee training to ensure rapid internal responsiveness should an incident be detected. The Company regularly assesses the threat landscape and takes a holistic view of cybersecurity risks, with a layered cybersecurity strategy based on prevention, detection and mitigation. Recognizing the complexity and evolving nature of cybersecurity threats, we have partnered with a third-party cybersecurity company to leverage specialized knowledge and insights, ensuring our cybersecurity strategies and processes remain at the forefront of industry best practices. Our cybersecurity partner works to continuously scan and monitor our networks for threats and vulnerabilities, alert management in real-time with high-risk cybersecurity incidents, provide quarterly management updates summarizing recent cybersecurity activity and provide access to a 24/7 incident response team. This partnership is actively managed by the Chief Financial Officer (“CFO”) to ensure effective implementation. We recognize the importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. As a result, we have integrated cybersecurity risk management into our broader risk management framework to promote a holistic approach toward assessing, identifying, and managing material risks associated with cybersecurity threats. This integration ensures that cybersecurity considerations are an integral part of the decision-making processes throughout our organization. As of the date of this Annual Report, we have not identified risks from cybersecurity threats, including threats from any previous cybersecurity incidents, that have or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. While we continually work to safeguard the information systems we use, and the proprietary, confidential and personal information residing therein, and mitigate potential risks, there can be no assurance that such actions will be sufficient to prevent cybersecurity incidents or mitigate all potential risks to such systems, networks and data or those of our third-party providers. For additional information, refer to Item 1A, " Risk Factors - The Company is dependent upon information technology systems, which are susceptible to disruption, damage, failure, and risks associated with implementation and/or integration " , above. The Audit Committee has been delegated, by and on behalf of the Board, direct and primary oversight of the Company’s cybersecurity risk exposures and the steps taken by management to monitor, mitigate and manage/respond to cybersecurity risks and incidents. The CFO is responsible for overseeing NovaGold’s cybersecurity program and other IT activities. No less than annually, the CFO briefs the Audit Committee on the effectiveness of the Company’s cyber risk management program on a wide range of topics, including recent developments, vulnerability assessments, the threat environment, technological trends and information security considerations arising with respect to the Company. The Board and the Audit Committee receive prompt and timely information regarding any cybersecurity incident that meets the SEC, Canadian Securities Administrators and stock exchange-established reporting thresholds, as well as ongoing updates and follow-up disclosures regarding any such incident until it has been wholly addressed and remediated. Governance Cybersecurity is an important part of our risk management processes and an area of focus for our Board and management team. Our Audit Committee is responsible for the Board-level oversight of risks from cybersecurity threats. Members of our Audit Committee receive updates from the CFO at least annually and more frequently if warranted, regarding Company practices, programs, and other developments related to cybersecurity, cyber threats and our cybersecurity risk management and strategy program. Our Audit Committee is comprised of Board members with diverse and relevant expertise in risk management and strategy, sufficient to oversee cybersecurity risks effectively. We maintain a cybersecurity incident response team composed of professionals across various functions, including information technology, legal, finance, accounting, and risk. This team is trained in managing cybersecurity incidents and leverages the information technology expertise of our third-party cybersecurity partner. 24 NOVAGOLD RESOURCES INC.

Company Information