AIRGAIN INC 10-K Cybersecurity GRC - 2025-02-27

Page last updated on February 27, 2025

AIRGAIN INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-27 17:14:23 EST.

Filings

10-K filed on 2025-02-27

AIRGAIN INC filed a 10-K at 2025-02-27 17:14:23 EST
Accession Number: 0000950170-25-029234

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy We use the CIS benchmarks as a guideline to strengthen our cybersecurity practices. This is intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our adoption of the CIS benchmarks is a helpful baseline for potential future alignment with internationally recognized frameworks such as NIST Cybersecurity Framework, or ISO 27001. Integration with Enterprise Risk Management Our cybersecurity risk management program is integrated into our enterprise risk management framework. It shares methodologies, reporting channels, and governance processes applied across other risk domains, including legal, compliance, strategic, operational, and financial risks. Core Components of the Cybersecurity Risk Management Program Our program includes the following: - Risk Assessments: Conducting risk capacity evaluations, pressure tests, and gap analyses while formalizing risk tolerance. - Security Team: A team dedicated to managing cybersecurity risks, implementing security controls, and responding to incidents. - External Expertise: Engaging third-party providers to evaluate, test, and enhance aspects of our security controls. - Cybersecurity Awareness Training: Ongoing training for employees, incident response personnel, and senior leadership. - Third-Party Risk Management: Assessing and monitoring vendors, suppliers, and service providers to mitigate risks to our organization. Material Cybersecurity Risk Assessment We have recently completed an IT Audit of our China Office as part of our broader cybersecurity risk management efforts. This audit identified certain gaps in our systems, processes, and controls specific to our operations in China. These gaps do not indicate the presence of any known cybersecurity threats or incidents, but they highlight areas for improvement to strengthen our overall cybersecurity posture. We are actively and diligently working to address and mitigate these gaps by enhancing our security controls and aligning them with our enterprise-wide cybersecurity strategy. This proactive approach ensures that our systems remain resilient and secure in an evolving regulatory and operational environment. At this time, no cybersecurity threats or incidents have been identified that have materially affected or are reasonably likely to materially affect our operations, business strategy, results, or financial condition. Cybersecurity Governance Our board of directors considers cybersecurity risk as part of its risk oversight function and has delegated to the audit committee of our board of directors (Audit Committee) oversight of cybersecurity and other information technology risks. The Audit Committee oversees management’s implementation of our cybersecurity risk management program. Management updates the Audit Committee and executives as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential. 36 Our management team, including the CTO and IT Manager , is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our management team has several years of experience and has been trained for various roles in information technology and cybersecurity at numerous technology companies. The team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include: - Briefings from internal security personnel; - Threat intelligence and information obtained from governmental, public, or private sources, including external consultants engaged by us; and - Alerts and reports produced by security tools deployed in our IT environment.

Company Information