Microvast Holdings, Inc. 10-K Cybersecurity GRC - 2025-03-31

Page last updated on March 31, 2025

Microvast Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-31 16:56:23 EDT.

Filings

10-K filed on 2025-03-31

Microvast Holdings, Inc. filed a 10-K at 2025-03-31 16:56:23 EDT
Accession Number: 0001760689-25-000010

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy The security and integrity of our information systems, communication networks, IT infrastructure, and data centers are critical to the successful operation of our business. As such, we have invested in advanced technologies to identify and manage material cybersecurity risks that could impede our operations. We also engage reputable outsourced service providers to perform key operational functions, ensuring comprehensive protection of shared data and adherence to rigorous cybersecurity protocols. Microvast utilizes a set of policies, procedures, and technologies designed to prevent, detect, respond to, and recover from cybersecurity threats and incidents. These policies, based on the NIST Cybersecurity Framework, are regularly reviewed and updated to integrate industry best practices. Internal control evaluations are conducted routinely to ensure compliance and address any identified vulnerabilities. Our company did not experience any cybersecurity incidents that materially impacted our operations for the year ended December 31, 2024. We remain unaware of any active threats that could significantly affect our business strategy or financial condition. For more information on cybersecurity risks, see “Risk Factors - Risks Related to Our Business and Industry.” Cybersecurity Governance On July 26, 2023, the SEC adopted a rule requiring enhanced disclosure of cybersecurity risk management, strategy, and governance. Microvast’s SVP of Information Technology , is responsible for risk assessment and management. This individual has experience in developing security policies, enforcing compliance, orchestrating incident responses, and implementing cybersecurity strategies. Management is actively involved in cybersecurity governance, ensuring alignment with our overall business strategy. Their responsibilities include: - Security Objectives : Establishing security goals that correspond with corporate objectives and risk appetite. - Resource Allocation : Providing adequate resources, including budget and personnel, to address cybersecurity risks effectively. - Policy Development : Developing and maintaining policies that meet industry standards. - Risk Management : Directing risk management initiatives and instituting control measures to mitigate recognized risks. - Incident Response : Overseeing the implementation and regular testing of incident response plans, with employee training to ensure effective response capabilities. - Compliance : Ensuring adherence to applicable regulations, while remaining vigilant about emerging threats. Our Board of Directors evaluates our readiness to manage cybersecurity threats, receiving regular updates from the SVP of Information Technology, General Counsel, and CEO regarding any materially impactful cybersecurity risks. Specific Cybersecurity Measures Microvast has implemented various cybersecurity measures, including, but not limited to the following: - Establishing physical security protocols and securing network access via VPN. - Requiring multi-factor authentication for email and collaboration platforms. - Deploying endpoint detection and response (EDR) and antivirus solutions across all devices. - Enforcing strong password policies with a secured password vault for system credentials. - Minimizing attack vectors by eliminating external web-facing business-critical applications. - Utilizing encryption technologies to safeguard intellectual property and mitigate data loss risks. - Developing a comprehensive suite of information security policies and a strategic information security roadmap. - Implementing a Security Information and Event Management (SIEM) system. These efforts, coupled with the isolation of industrial networks and structured software installation processes, demonstrate our continued commitment to maintaining robust cybersecurity defenses.

Company Information