Sable Offshore Corp. 10-K Cybersecurity GRC - 2025-03-17

Page last updated on March 17, 2025

Sable Offshore Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-17 16:15:55 EDT.

Filings

10-K filed on 2025-03-17

Sable Offshore Corp. filed a 10-K at 2025-03-17 16:15:55 EDT
Accession Number: 0001831481-25-000016

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Processes for Assessing, Identifying, and Managing Cybersecurity Risks Since the completion of the Business Combination on February 14, 2024, management has been working to create a defined cybersecurity risk management program, through the addition of enhanced applications to identify and mitigate risks. During 2024 the Company engaged and managed an experienced third party vendor , specializing in cybersecurity, to conduct a Company wide cybersecurity risk assessment. The assessment included a multi-phase approach consisting of open-source intelligence gathering, network system penetration testing of the Company’s internal, external, and wireless networks, and targeted social engineering through strategic phishing, vishing, and smishing campaigns. Action items and preventative recommendations were identified by management and are being incorporated into the Company’s information security incident response plan, which is designed to follow the National Institute of Standards and Technology Cybersecurity Framework 2.0 standards and practices for identifying and mitigating cybersecurity incidents. Management will complete implementation of the action items during 2025, which we intend to test periodically for effectiveness. No Previous Material Cybersecurity Threats As of the date of this report, we are not aware of any previous cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company. However, we acknowledge that cybersecurity threats are continually evolving, and the possibility of future cybersecurity incidents remains. Despite the security and risk management measures that we have implemented and any additional measures we may implement or adopt in the future, our facilities and systems, and those of our third-party service providers, have been and are vulnerable to security breaches, computer viruses, lost or misplaced data, programming errors, scams, burglary, human errors, acts of vandalism, misdirected wire transfers, or other malicious or criminal activities. A successful attack on our information or operational technology systems could have material consequences for the Company. While we intend to devote resources to our security measures to protect our systems and information during 2025, these measures cannot provide absolute security. See “Item 1A. Risk Factors” for additional information about the risks to our business associated with a breach or compromise to our information technology systems. Board of Directors’ Oversight of Cybersecurity Risks The audit committee of our Board is responsible for the oversight of risks from cybersecurity threats. As part of its oversight, our audit committee and certain members of the Company’s management will meet quarterly to discuss ongoing initiatives and to facilitate coordination between Company stakeholders. Annually, our Vice President of Information Technology will review the Company’s cybersecurity risk management program with our audit committee and Board. Management’s Role in Assessing and Managing Cybersecurity Risks Our Vice President of Information Technology is primarily responsible for assessing and managing the Company’s material cybersecurity risks, monitoring the effectiveness of our cybersecurity detection and response processes and providing updates on cybersecurity to our executive team. Our Vice President of Information Technology has more than 25 years of experience working in the field of information technology, including significant experience directing enterprise-level cybersecurity programs.

Company Information