Blade Air Mobility, Inc. 10-K Cybersecurity GRC - 2025-03-13

Page last updated on March 14, 2025

Blade Air Mobility, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-13 14:17:16 EDT.

Filings

10-K filed on 2025-03-13

Blade Air Mobility, Inc. filed a 10-K at 2025-03-13 14:17:16 EDT
Accession Number: 0001779128-25-000010

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Governance, Risk Management and Strategy Blade’s cybersecurity risk management processes are integrated into our broader risk management framework, Blade’s cybersecurity is overseen by our senior management team, comprising leaders from Information Technology, Product Development, Finance, Human Resources, and Legal departments. Our Chief Financial Officer, Vice President of Engineering and the Audit Committee of our Board of Directors conduct quarterly reviews of the organization’s cybersecurity posture, with additional meetings when specific situations arise . The Company has processes in place to update the Board in the event of a material cybersecurity incident. The Board of Directors has delegated primary responsibility for cybersecurity risk assessment and management to the executive management team. Within this framework, the Director of Cybersecurity and Vice President of Engineering jointly oversee the company’s cybersecurity operations and lead the cybersecurity leadership team. The Director of Cybersecurity, who possesses more than 25 years of experience in information technology and cybersecurity, directs the implementation of IT strategy and services across the Company’s operations. The Vice President of Engineering, also with more than 25 years of relevant experience, maintains supervisory authority over the Director of Cybersecurity’s functions. Discussions in these meetings cover issues important to Blade’s cybersecurity, which may include: - Cybersecurity Threat Landscape: Emerging threats and trends; - Incident Reports: Recent incidents and responses; - Vulnerability Assessments and Penetration Testing: Identified vulnerabilities, remediation progress, and penetration testing results; - Compliance: Adherence to laws, regulations, and standards; - Security Policies and Procedures: Review and updates; - Employee Training and Awareness: Training programs and awareness initiatives; - Risk Management: Strategies to mitigate risks; - Technology and Security Infrastructure: IT security and new technologies; - Cybersecurity Insurance: Coverage and policy adequacy; - Disaster Recovery and Business Continuity: Readiness and plan effectiveness’; and - Performance Metrics: Effectiveness of security posture. We engage leading cybersecurity firms to enhance our security posture. Additionally, we regularly undergo independent third-party security assessments and audits to evaluate and strengthen our cybersecurity controls and practices. We maintain formal processes to oversee our third-party service providers, including regular security reviews and continuous monitoring to identify and mitigate potential cybersecurity risks associated with these relationships. The company maintains safeguards including employee training, incident response reviews and exercises, cybersecurity insurance, and business continuity plans to protect its assets. Processes are regularly reviewed by internal and external experts . A third-party cybersecurity monitoring and protection service is used to detect and respond to threats, helping minimize disruption to business and operations. To date, the Company has not experienced any material cybersecurity incidents and expenses incurred from cybersecurity incidents were immaterial (including penalties and settlements, of which there were none). For a discussion of whether and how any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition, see Item 1A. Risk Factors “-Risks Related to Intellectual Property, Cybersecurity, Information Technology and Data Management Practices” in this Annual Report, which are incorporated by reference into this Item 1C .
Item 1C .

Company Information