Globalstar, Inc. 10-K Cybersecurity GRC - 2025-02-28

Page last updated on March 3, 2025

Globalstar, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-28 16:21:23 EST.

Filings

10-K filed on 2025-02-28

Globalstar, Inc. filed a 10-K at 2025-02-28 16:21:23 EST
Accession Number: 0001366868-25-000033

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We have an enterprise-wide information security program designed to identify, protect against, detect, respond to and manage reasonably foreseeable cybersecurity risks and threats. Our information security program is integrated into our overall risk management systems and led by our Data Protection Officer. This program is on par with industry standards and best practices, such as the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework. Internal employees as well as third party advisors are involved in the development and continued maintenance of our cybersecurity program. We also hold cybersecurity insurance as part of our risk management program. The program is evaluated and audited on an annual basis by independent third parties through ongoing IT compliance initiatives. Additionally, each year, we conduct cross-functional tabletop training exercises to rehearse our response to cyber-related breach incidents. We require that all employees complete cybersecurity trainings at least quarterly to mitigate cyber risks. We also randomly test employees with phishing simulations and provide periodic cyber and security updates. As part of the risk management program, we engaged external subject matter experts to develop a comprehensive third party and vendor due diligence program. This program strengthens our cybersecurity program by ensuring the establishment of contractual agreements and data protection clauses, documentation of processing activities performed as part of each service and identifies responsible process owners. Third parties and vendors with access to our information, systems and networks complete additional due diligence verification activities. All vendors with access to internal systems and networks must comply with our IT policies. Formal monitoring procedures of relationships with third parties are performed on at least an annual basis. This level of oversight allows us to maintain proactive visibility and security baseline requirements with our established external relationships. Our formalized cybersecurity incident response plan is a framework to facilitate the detection, identification, containment and eradication of and recovery from cybersecurity incidents. This framework addresses how and which risks impact our operational, financial or reputational standing and/or the ability to comply with regulatory or legal requirements. Governance Oversight of our cybersecurity program is performed by our executive management and board of directors. Specifically, our executive management includes our Vice President of Network IT and Applications, who serves as our Data Protection Officer and has over 25 years of experience in IT systems, cybersecurity and risk management, as well as our Chief Executive Officer and Chief Financial Officer. Our Vice President of Network IT and Applications is responsible for reviewing cybersecurity risks, controls, policies and processes. This includes training, policy development and updates, while also keeping senior leadership informed on cybersecurity matters. We also have a department dedicated to monitoring our systems to prevent cybersecurity attacks. The Board of Directors receives information from management regarding any significant changes to the Company’s cybersecurity policies and procedures, as well as recently identified risks and other recent information relative to cybersecurity, and on at least an annual basis our Data Protection Officer presents the Company’s cybersecurity program to the Board of Directors. As of the date of this report, we are not aware of any material risks from cybersecurity threats, that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition. However, we are subject to various cybersecurity risks that could adversely affect our business, financial condition and results of operations. Such risks may include harm to our employees or customers, violation of privacy laws, theft, fraud, extortion as well as legal and reputational risk. See Item 1A. Risk Factors, " Our networks and those of our third-party service providers and customers may be vulnerable to cyber-attacks and other security breaches, which could have significant negative consequences. " for further discussion.

Company Information