BKV Corp 10-K Cybersecurity GRC - 2025-03-31

Page last updated on March 31, 2025

BKV Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-31 14:42:48 EDT.

Filings

10-K filed on 2025-03-31

BKV Corp filed a 10-K at 2025-03-31 14:42:48 EDT
Accession Number: 0001628280-25-015622

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY BKV employs a comprehensive cybersecurity strategy to protect against threats that could compromise sensitive information, disrupt data or systems, or jeopardize the security of facilities and infrastructure, including third-party processing plants and pipelines. Managing Material Risks & Integrated Overall Risk Management BKV has strategically integrated cybersecurity risk management into its broader enterprise risk management framework to promote a company-wide culture of cyber risk awareness. BKV’s Chief Information Officer (“CIO”) and Manager of Cybersecurity work closely with its information technology (“IT”) department to continuously evaluate and address cybersecurity risks in alignment with business objectives, operational needs, and industry-accepted standards, such as the Center for Internet Security (CIS) Critical Security Controls and National Institute of Standards and Technology (NIST) frameworks. The Company has processes and procedures in place to monitor the prevention, detection, mitigation, and remediation of cybersecurity risks. These include but are not limited to: - Maintaining and regularly updating a defined and practiced incident response plan (“IRP”); - Maintaining cyber insurance coverage; - Employing appropriate incident prevention and detection software, such as antivirus, anti-malware, firewall, endpoint detection, and identity and access management; - Executing scheduled, recurring server and infrastructure patching processes; - Maintaining a defined disaster recovery policy and employing backup/disaster recovery software, where appropriate; - Educating, training, and testing employees on information security practices and identification of potential cybersecurity risks and threats; and - Ensuring familiarity and compliance with cybersecurity frameworks where appropriate. Engaging Third Parties on Risk Management Recognizing the complexity and evolving nature of cybersecurity risk, BKV engages with external experts, including, but not limited to a managed security service provider (“MSSP”), the Cybersecurity Operations Center (“CSOC”) team to evaluate, monitor, and test BKV’s cyber management systems and related cyber risks. The Company’s collaboration with these third parties includes audits, threat and vulnerability assessments, IRP testing, company-wide monitoring of cybersecurity risks, and consultation on security enhancements. Third-party experts have assisted BKV in conducting cross-functional tabletop exercises and quarterly strategic meetings as well as developing comprehensive remediation plans following cybersecurity assessments. Managing Third Party Risk BKV’s cybersecurity approach also assesses the risks associated with the use of vendors, service providers, and other third parties that provide information system services, process information on its behalf, or have access to its information systems, and has processes in place to oversee and manage these risks. In addition to the minimum security and control standards, these processes include other quality control measures as well. BKV also maintains ongoing monitoring to support continuous compliance with its cybersecurity standards, and regularly updates and patches third-party applications and tools when vulnerabilities are discovered. Risks from Cybersecurity Incidents As of March 31, 2025, BKV has not been subject to any material cybersecurity incidents and we are not aware of any cybersecurity risks that are reasonably likely to materially affect the Company, its operations, or financial standing. For additional information about cybersecurity risks associated with our business, see Item 1A, " Risk Factors ." Governance Risk Management Personnel We have an enterprise risk committee that includes our executive leadership team and other senior members within our legal, IT, finance and accounting, and operational departments, which oversees BKV’s operational, strategic, and corporate-level risks, including risk management. Our comprehensive cybersecurity risk management is led by our CIO who brings over 30 years of extensive experience in information technology with a specialization in cybersecurity. Her expertise spans global information systems and data, cybersecurity operations, security management strategies and tools, security assessment and remediation, as well as the design and implementation of controls to prevent and detect cybersecurity threats. BKV’s cybersecurity risk management program is overseen by management at multiple levels. The CIO and Manager of Cybersecurity play key roles in assessing, monitoring, and managing the Company’s cybersecurity risks. The CIO Cybersecurity governance also is supported by our IT department and CSOC. These stakeholders meet monthly to review the monthly cybersecurity assessment and remediation report. The IT department conducts extensive reviews of our systems, networks, and data infrastructure to identify potential cybersecurity threats and vulnerabilities and implements systems and tools to remediate perceived risks. These tools are designed to prevent and detect activities or events that could pose a cybersecurity risk to our business. Our third party CSOC team provides 24-hour monitoring to detect and respond to suspicious activity in real time. Monitor Cybersecurity Incidents The CIO and Manager of Cybersecurity are continually informed and updated about the latest developments in cybersecurity, including emerging threats and innovative risk management techniques. They implement and oversee processes for the 24/7/365 monitoring of our information systems as well as ongoing threat assessment monitoring. The deployment of advanced security measures, regular system audits to identify potential vulnerabilities, and periodic cyber assessment exercises support these programmatic efforts. In the event of a cybersecurity incident, the Company is equipped with a defined and practiced IRP. This plan includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents. Board of Director Oversight Our Audit & Risk Committee provides oversight of cybersecurity risk in connection with BKV’s comprehensive cybersecurity strategy and receives regular quarterly updates on our ongoing assessment of cybersecurity risks, threats, and data security programs to prevent and detect breaches and attacks against BKV. The CIO and other experts , as necessary, provide the Audit & Risks Committee quarterly updates that encompass a broad range of topics, including but not limited to: - Current cybersecurity threat landscape and emerging threats; - Status of ongoing cybersecurity initiatives and strategies; - Incident reports and learnings from unique cybersecurity events, including those of other companies; - Compliance status and efforts with regulatory requirements and industry standards; and - Benchmarked data on the performance of certain aspects of our cybersecurity program relative to our peers The Audit & Risk Committee meets quarterly to discuss areas that are potentially high risk to the Company.

Company Information