Interactive Brokers Group, Inc. 10-K Cybersecurity GRC - 2025-02-27

Page last updated on February 27, 2025

Interactive Brokers Group, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-27 17:02:30 EST.

Filings

10-K filed on 2025-02-27

Interactive Brokers Group, Inc. filed a 10-K at 2025-02-27 17:02:30 EST
Accession Number: 0001381197-25-000036

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We are a global financial services firm, with a longstanding commitment to providing a reliable and secure trading environment for our customers. Technology is at the core of our business, with customers, exchanges, clearing houses, counterparties, and third-party service providers interacting with our systems and applications on an ongoing basis. As a consequence, we are subject to significant cybersecurity risks. Moreover, such risks have been increasing over time, due to the growing sophistication of cyber threat actors, geo-political instability, and advances in technology, such as AI, which are known to have been misused in cyber-attacks. As part of our overall risk management framework, our cybersecurity program is designed to identify, assess, and manage cyber risks. The program involves risk assessments, implementation of security measures, and ongoing monitoring of systems and networks. We continually evaluate the current threat landscape to identify material risks arising from new and evolving cybersecurity threats. Management and Board Oversight of Cybersecurity Risks The Company’s management, including the Company’s Executive Vice President of Technology and Chief Information Security Officer (“CISO”), are responsible for assessing and managing material risks from cybersecurity threats. Members of Company management possess relevant expertise in various disciplines that are key to effectively managing such risks. The Company’s management, including through its oversight of the Company’s policies and procedures regarding cybersecurity, is actively involved in the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting or with the potential to impact the Company. Management’s oversight is augmented through the Company’s Enterprise Risk Management Framework, which includes risk and control assessments related to the Company’s cybersecurity program. Additionally, the Company’s Internal Audit Group periodically audits aspects of the Company’s cybersecurity program and reports the results of such audits to the Board’s Audit Committee, and an external audit firm conducts an annual SOC 2 attestation of the Company’s information security controls. If a cybersecurity incident occurs, incident response procedures are in place to ensure that the occurrence is appropriately reported to the CISO and senior management. Where necessary, business continuity plans are mobilized to minimize disruption to business operations. The Company has established the Cyber Materiality Committee (“CMC”), whose purpose is to review cybersecurity incidents escalated to it by our Threat & Incident Management Team and determine whether they are material and thus require a disclosure on Form 8-K. CMC’s membership includes the Chief Executive Officer (“CEO”), the Chief Financial Officer, the Executive Vice President of Technology, the CISO, and other senior leaders. Our Board of Directors receives periodic updates on cybersecurity matters and the overall state of our cybersecurity program from our CEO (based on consultation with our CISO and other senior members of our Information Security and/or Technology teams). Assessment of Cybersecurity Risk The potential impact of risks from cybersecurity threats to the Company is assessed on an ongoing basis. During the reporting period and through the issuance of this Annual Report on Form 10-K, the Company has not identified any risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that the Company believes have materially affected, or are reasonably likely to materially affect the Company, including its business strategy, operational results, and financial condition. For additional information about cybersecurity risks, see Part I, Item 1A, “Risk Factors” in this Annual Report on Form 10-K.

Company Information