SES AI Corp 10-K Cybersecurity GRC - 2025-02-28

Page last updated on March 3, 2025

SES AI Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-28 16:05:34 EST.

Filings

10-K filed on 2025-02-28

SES AI Corp filed a 10-K at 2025-02-28 16:05:34 EST
Accession Number: 0001819142-25-000017

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity is an important priority at SES, and we actively manage this critical risk through comprehensive measures. Our processes for assessing, identifying, and managing material risks from cybersecurity threats are still in development and have yet to be integrated into our overall risk management system and processes. ● Proactive Defense: We utilize industry-standard mechanisms to assess, identify, and address potential threats from cybersecurity incidents. Our dedicated information technology (IT) team continuously monitors the evolving cybersecurity landscape and develops robust response processes to swiftly and effectively handle emerging threats. ● Structured Framework: Our company-wide cybersecurity policy outlines our security posture and incident response protocol, ensuring clear escalation procedures to inform senior management, the Audit Committee, and the Board of Directors of cybersecurity events as needed. ● Independent Oversight: The Audit Committee , composed entirely of independent directors under SEC and NYSE rules, oversees our cyber risk exposure and evaluates our risk mitigation strategies. The committee was briefed by our VP, IT Services in depth, and in turn briefs the Board of Directors on any material cyber risks and events. Additionally, we use processes to oversee and identify material risks from cybersecurity threats associated with our use of third-party technology and systems, including third party penetration tests, external security audits of our data loss prevention mechanisms and require that our vendors comply with Service Organization Control Type II requirements. Previously, our information security program was led by our Vice President of Compliance and Information Technology, who has since left the Company. As of February 25, 2025, the responsibilities of this role are being performed on an interim basis by our IT Manager , whose experience includes two years supporting the cybersecurity function under the Vice President of Compliance and Information Technology. We are currently seeking a replacement to oversee our information security program. While cybersecurity threats remain a reality for all organizations, SES is committed to proactive risk management and continuous improvement in our security posture. We believe that the processes we have established for assessing, identifying, and managing material risks from cybersecurity allow us to effectively mitigate potential impacts and protect our business, operations, and products: ● In-sourced IT Services: By in-sourcing IT services in late 2023, we gained greater control over IT decisions, established a comprehensive knowledge base, and laid a framework allowing for unbiased assessments of future IT and cybersecurity investments. We have continued improvements using in-sourced IT services throughout 2024. ● 24/7 Network Monitoring: Our continuous 24/7 second-level maintenance and monitoring contract provides constant vigilance against network disruptions and potential cyber threats, ensuring swift detection and mitigation of incidents. ● Data Backup: Deployment of our new data backup system was completed in June 2024 and offers robust protection against catastrophic failures, early detection of data loss prevention events, and near real-time mitigation of ransomware attacks. ● In addition, at times we also engage assessors, consultants, auditors, or other third parties to assist with assessing, identifying, and managing cybersecurity risks. We face risks from cybersecurity threats that could have a material adverse effect on our relationship with our partners, suppliers and eventual customers, or on our business, operations or products. We have experienced, and will likely continue to experience, cybersecurity incidents in the normal course of our business; however, to our knowledge, we have not experienced a material cybersecurity incident during fiscal 2024 . See “Part I, Item 1A. Risk Factors - Risks Related to Privacy and Security - If we experience a significant cybersecurity breach or disruption in our information systems or any of our partners’ information systems, our business could be adversely affected.”

Company Information