Hut 8 Corp. 10-K Cybersecurity GRC - 2025-03-03

Page last updated on March 3, 2025

Hut 8 Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-03 06:36:00 EST.

Filings

10-K filed on 2025-03-03

Hut 8 Corp. filed a 10-K at 2025-03-03 06:36:00 EST
Accession Number: 0001558370-25-001996

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy Given the inherent and growing risks of operating our business, we recognize the importance of incorporating , monitoring, and updating cybersecurity risk programs as part of operating, management, and governance practices. Our Operations Risk Management Program has been designed to monitor and mitigate risks across our operations and assess cybersecurity risks related to customers, partners, and suppliers. Our Cybersecurity Program is an integral component of our Operations Risk Management Program. It is currently owned by our Chief Legal Officer and Corporate Secretary and will be led by a Vice President of IT and Cybersecurity, a position we are actively recruiting for. We also benefit from the insights of external third-party advisors . We believe our team, boasting extensive experience and holding various industry-standard cybersecurity certifications, capably handles a wide range of complex cybersecurity demands, including assessments, operations, and remediation across the entire spectrum of cybersecurity challenges. Our internal and external security teams collaboratively spearhead our cybersecurity efforts, focusing on standards, policy creation and implementation, architecture, and processes. Our Risk Committee, comprising senior executives and leaders from various departments, oversees and advises on technological risks confronting our business, including cybersecurity. Our internal experts and external third-party advisors assess our security posture on a regular basis, and the results of those reviews are reported to our Risk Committee and other relevant members of senior management as well as to our Board. Our Incident Response Committee, which is comprised of our leaders in the areas of information security, information technology, legal, finance, privacy, and communications, is responsible for leading our response to cyber incidents. Our Cybersecurity Incident Response Plan outlines the processes by which management and our Board monitor, detect, assess, and resolve cyber incidents. It is designed to identify material risks and appropriate procedures for managing them and ensure that necessary disclosures are made promptly to uphold transparency and compliance with relevant regulations. We, our third-party suppliers, and our customers, along with other companies in our industry, have been subject to, and are likely to continue to be the target of, data breaches, cyber-attacks, and other similar incidents as discussed in more detail in “Risk Factors.” We have implemented a Vendor Due Diligence process to oversee and identify material risks, including cybersecurity threats, stemming from our engagement with third-party service providers . Our process is designed to ensure that vendors presenting material technology or cybersecurity risks are subjected to a rigorous privacy and security review prior to engagement and monitored continuously for compliance with our stringent security standards. Despite the efforts and investments made, not all threats may be prevented. In light of the numerous cybersecurity risks that we face, it is reasonably likely that cybersecurity threats could materially affect our business, financial condition, or results of operations. See “Risk Factors.” Cybersecurity Governance We encounter a range of risks and continuously conduct comprehensive evaluations to refine our risk management strategies effectively. Management is principally responsible for identifying , evaluating, and managing the risks on a day-to-day basis, under the oversight of our Board and the Audit Committee. Our Audit Committee is responsible for overseeing our enterprise risk management processes, including our guidelines and policies governing the process of risk assessment and risk management, which includes cybersecurity. In addition, our Audit Committee is presented with information at its regularly scheduled and special meetings, including on risk and security posture, privacy, security initiatives and programs, and emerging conditions, and management provides more frequent, informal communications to the Board or Audit Committee between regularly scheduled meetings, as appropriate. Our Board or Audit Committee , as applicable, reviews this information and delivers strategic feedback, offers recommendations, and, when necessary, grants authorization or directs management to mitigate specific risk exposures.

Company Information