Noble Corp plc 10-K Cybersecurity GRC - 2025-02-18

Page last updated on February 19, 2025

Noble Corp plc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-18 19:10:05 EST.

Filings

10-K filed on 2025-02-18

Noble Corp plc filed a 10-K at 2025-02-18 19:10:05 EST
Accession Number: 0001628280-25-006184

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cyber Security. Risk Management and Strategy Cyber security risk management at Noble, along with all enterprise risks, is part of the Company’s Enterprise Risk Management Program and risks from cyber security threats are assessed, identified, and managed by our Information Security Team. The Information Security Team reports to the Chief Information Officer (“CIO”). The Information Security Team is composed of the Director of Information Security, managers, and security analysts. The Information Security Team is responsible for all of Noble’s cyber security-related activities such as advising on governance requirements, setting cyber security policies, standards, and procedures, reporting, determining current risk appetite, setting security posture, evaluating security maturity, and ensuring compliance to cyber security frameworks. The team monitors both internal and external threats, potential compromising internet-based attacks, phishing activities, and aims to adapt with protective measures. The Director of Information Security and information security managers carry broad manager level cyber security certifications, and the technical teams carry relevant specific technical certifications related to both Information Technology and Operational Technology security. Noble’s cyber security program encompasses mandatory cyber training, awareness, phishing exercises, and cyber security incident response plan testing to assist with our cyber security risk management process and ensure various applicable implemented cyber controls are working as intended. Noble works with various third-party partners to help execute and advise on cyber security and evaluate maturity assessments as needed. Noble has a process of monitoring all third parties with direct access into the Noble network via various implemented security tools that act as both detective and preventive controls. All third parties with such direct access are also monitored via procurement processes and are subject to specific legal terms and conditions. Noble also engages with various third-party partners in order to share intelligence regarding external threats. For any cyber incidents, Noble may engage applicable third-party partners for forensic purposes. Noble also engages with various cyber security service providers, such as Crowdstrike, Fortinet, NTT, and Microsoft, which share applicable reports with Noble. In the last fiscal year, Noble has not identified any known cyber security threats, incidents, or exposures that have materially affected Noble’s business strategy, results of operations, or financial condition, but Noble faces certain ongoing cyber security risks that, if realized, could materially and adversely affect Noble. This does not guarantee that future incidents or threats will not have a material impact or that we are not currently the subject of an undetected incident or threat that may have such an impact. Potential cyber security risks to Noble are shared in Part I, Item 1A, “Risk Factors,” which should be read in conjunction with the foregoing information. Governance The Audit Committee of the Board provides oversight of the Company’s cyber security program. The Information Security Team keeps management informed about initiatives, threats, incidents, training, and best practices on an on-going basis via circulated memos or meetings. In addition to reporting through the Audit Committee and Enterprise Risk Management Program, the Board may periodically include cyber security as an independent agenda item and engages with the CIO and Information Security Team as well as external experts on cyber security matters. The Information Security Team advises the CIO via cyber reports on prevention, detection, mitigation, and remediation of cyber security incidents. The CIO is responsible for the Information Security Team risk strategy, assessment, exceptions, risk acceptance, and management of the Company’s material risks from cyber security risk appetites. Ongoing assessments cover applicable information technology and operations technology systems, applications, and software used to support Noble’s corporate and rig operations. The outcome of these various assessments influences the IT risk appetite and risk identification, and acceptance is discussed and shared with the CIO, executive management, the Audit Committee, and the Board of Directors. 36 The CIO has extensive cyber security knowledge and skills gained from over ten years of relevant work experience at Noble including two years as Deputy CIO as well as Director, IT prior to the merger with Maersk Drilling with responsibility for cyber security. The CIO has multiple years of experience managing OT data and secure remote access for data management on and offshore. Prior to serving as Director, IT the CIO was the Manager, Business Systems responsible for application management and Enterprise Architecture. The Information Security Team advises the CIO on prevention, detection, mitigation, and remediation of cyber security incidents.

Company Information