Kodiak Gas Services, Inc. 10-K Cybersecurity GRC - 2025-03-06

Page last updated on March 7, 2025

Kodiak Gas Services, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-06 17:41:24 EST.

Filings

10-K filed on 2025-03-06

Kodiak Gas Services, Inc. filed a 10-K at 2025-03-06 17:41:24 EST
Accession Number: 0001767042-25-000010

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Strategy, Governance and Risk Management Kodiak maintains a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats, including the assessment of cybersecurity risks related to third-party vendors and suppliers. This program is integrated within the Company’s enterprise risk management process to ensure that cybersecurity considerations are an integral part of the Company’s decision-making process and the results of the risk assessment, which occurs at least annually, along with mitigation strategies, are discussed with the Kodiak Board and the Audit & Risk Committee. The underlying controls of the cyber risk management program are based on recognized best practices and standards for cybersecurity and information technology, including the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework (“CSF”) and the International Organization Standardization (“ISO”) 27001 Information Security Management System Requirements. Kodiak has an annual assessment of the Company’s cyber risk management program against the NIST CSF, which is performed by a third-party. Cyber vendors serve as partners and are a key part of Kodiak’s cybersecurity infrastructure. Kodiak engages with leading cybersecurity companies and organizations, leveraging third-party technology and expertise. Kodiak engages with these partners to monitor and maintain the performance and effectiveness of products and services that are deployed in Kodiak’s operating environment. As a part of this strategy, Kodiak augments its internal cybersecurity team with an outsourced Cyber Security Operations Center providing monitoring of the cybersecurity environment and to coordinate the investigation and remediation of alerts. In addition, Kodiak has a program for staging incident response drills, which is in place to prepare support teams in the event of a significant incident. Kodiak maintains a cybersecurity team lead by our Chief Information Officer (the “CIO”). The CIO has managed cyber security programs at multiple private and public companies over the last 20 years, including roles as chief information officer and vice president of systems and technology. The CIO holds a Bachelor of Science degree in computer and information science. The CIO is supported by two internal full-time employees with backgrounds in cybersecurity, risk management and incident response. These individuals are both military veterans versed in forensic analysis and regulatory compliance and combined have 23 years of cybersecurity experience in the private and public sectors. They each have a Master’s degree in cybersecurity, extensive military training and several industry certifications. Kodiak further augments its cybersecurity team with an outsourced Chief Information Security Officer (the “CISO”) who reports to the CIO . The CISO is an information systems security professional with 24 years of cybersecurity leadership. The CIO, CISO and cybersecurity team are responsible for assessing and managing Kodiak’s cyber risk management program, informs senior management regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents and supervises such efforts. The cybersecurity team has decades of experience selecting, deploying, and operating cybersecurity technologies, initiatives, and processes around the world, and relies on threat intelligence as well as other information obtained from governmental, public or private sources, including external consultants engaged by Kodiak. Kodiak faces risks from cybersecurity threats that could have a material adverse effect on its business, financial condition, results of operations, cash flows or reputation. Kodiak has experienced, and despite our security measures will continue to experience, cyber incidents in the normal course of its business, some of which may be material. However, as of the date hereof, we do not believe that any prior cybersecurity incidents have had, or that any risks from cybersecurity threats are reasonably likely to have, a material adverse effect on Kodiak’s business, financial condition, results of operations, or cash flows. See “Risk Factors - Risks Related to Intellectual Property, Information Technology and Cybersecurity-Kodiak has experienced cybersecurity incidents or IT system disruptions in the past, and cybersecurity breaches or IT system disruptions may adversely affect Kodiak’s business in the future.” Board Oversight Given the importance to our business and the heightened risk, the Audit & Risk Committee oversees the process of reviewing Kodiak’s cybersecurity risks, including cybersecurity exposures and the steps taken by management to monitor and control such exposures. The Kodiak Board reviews any actions and mitigating strategies regarding any identified cybersecurity risks. The cybersecurity team provides periodic updates to the Audit & Risk Committee on the effectiveness of Kodiak’s cyber risk management program. In addition, cybersecurity risks are reviewed by the Kodiak Board and the Audit & Risk Committee, at least annually, as part of the Company’s enterprise risk management program.

Company Information