MONOLITHIC POWER SYSTEMS INC 10-K Cybersecurity GRC - 2025-03-03

Page last updated on March 3, 2025

MONOLITHIC POWER SYSTEMS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-03 15:14:51 EST.

Filings

10-K filed on 2025-03-03

MONOLITHIC POWER SYSTEMS INC filed a 10-K at 2025-03-03 15:14:51 EST
Accession Number: 0001437749-25-005903

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We recognize it is imperative to diligently manage cybersecurity risks as defined in Item 106(a) of Regulation S-K. Such risks include operational risks of ransomware, phishing, fraud, extortion, harm to employees or customers and violation of data privacy or security laws. We address cybersecurity risks in our business, technical operations, privacy and compliance operations and programs through a diversified approach including threat-monitoring and assessments by third -parties, adopting IT security ISO standards/governance, and proactive risk and compliance reviews. In order to defend against cybersecurity incidents, we carry out real-time cybersecurity threat monitoring of IT assets, perform penetration testing, audit applicable data policies and conduct directed employee training. We also monitor new technologies and existing and emerging laws and regulations related to data protection and information security and implement changes that help to mitigate risk. We maintain an insurance policy that provides certain coverage for losses we incur due to data breaches and other cybersecurity incidents. We implemented incident response and breach management processes consisting of four stages: 1) monitor for and identify cybersecurity incidents, 2) carry out security incident analysis, 3) contain and recover, and 4) improve with post-incident analysis. Such incident responses are governed by the Cybersecurity Steering Committee. We regularly engage external auditors to assess our internal cybersecurity programs and compliance and have been certified to conform to the requirements of ISO/IEC 27001. There are no identified cybersecurity threats that have materially affected or are reasonably likely to materially affect our results of operations, or financial condition as of the date of this Annual Report on Form 10-K. To date, we do not believe we have experienced any material information security breaches and have not incurred significant operating expenses related to information security breaches. See “Risk Factors” for more information on our cybersecurity risks. Cybersecurity Governance As an important part of our risk management processes, cybersecurity is a focus area for our Board and management. Our Nominating and Corporate Governance Committee (the “NCG Committee”), which consists of independent members of the Board of Directors, is responsible for the oversight of risks from cybersecurity threats. The NCG Committee receives quarterly updates from the Cybersecurity Steering Committee. These updates include existing and emerging cybersecurity threats, risks, cybersecurity incident management and key information security initiatives. The NCG Committee also provides updates to our cybersecurity risk management and strategy programs to the Board of Directors on a quarterly basis. Our cybersecurity risk management and strategy processes are overseen by the Cybersecurity Steering Committee, which includes individuals with an average of over 18 years of prior work experience in various roles involving IT governance and management, cybersecurity, auditing, and compliance. The Cybersecurity Steering Committee actively participates in the cybersecurity risk management and strategy processes as described above, and regularly reports to senior management and the NCG Committee.

Company Information