USA Rare Earth, Inc. 10-K Cybersecurity GRC - 2025-03-31

Page last updated on March 31, 2025

USA Rare Earth, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-31 17:28:02 EDT.

Filings

10-K filed on 2025-03-31

USA Rare Earth, Inc. filed a 10-K at 2025-03-31 17:28:02 EDT
Accession Number: 0001213900-25-026445

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk management and strategy We rely on our technology network infrastructure and information systems to operate our business, interact with vendors and customers, and collect and make payments, among other functions. Our internally developed infrastructure and systems, as well as those systems and processes provided by third-party vendors, may be susceptible to damage or interruption from cybersecurity threats and incidents, which include any unauthorized access to our information systems that may result in adverse effects on the confidentiality, integrity or availability of such systems or related information. Such attacks have become more sophisticated over time, especially as threat actors have become increasingly well-funded by or themselves include governmental actors with significant means. We expect that the sophistication of cyber-threats will continue to evolve as threat actors increase their use of AI and machine-learning technologies. The Company experiences cyber threats in the normal course of its business, and computer viruses, hackers, employee misconduct and other external hazards could expose our information systems to security breaches, cybersecurity incidents or other disruptions, any of which could materially and adversely affect our business. Refer to Item 1A. Risk Factors, for additional details on cybersecurity risks that could potentially materially affect the Company. 36 We manage our risks from cybersecurity threats through our overall enterprise risk management process, which is overseen by the Board. Our cybersecurity risks are considered individually as part of our enterprise risk management process alongside other risks, and priorities and discussed with our Board. The Company seeks to prioritize the management of cybersecurity risk and the protection of confidential information and systems. Under the supervision of the Chief Executive Officer (" CEO “) and VP of Business Operations and Strategy, we work to identify all computing assets including hardware, software, and network infrastructure in order to conduct a risk assessment. We consider threats that may originate from both internal and external sources and maintain technical security controls internally. We are putting in place plans for our employees to receive mandatory recurring cybersecurity training and phishing exercises. The Company’s VP of Business Operations and Strategy reports directly to the CEO and leads the Information Technology team (collectively, the " IT Security Team “). The IT Security Team is responsible for the strategic oversight of cybersecurity risk management and strategy including the identification and assessment of cybersecurity threats and incidents. Periodically, the Company’s VP of Business Operations and Strategy is also responsible , alongside the Chief Financial Officer (” CFO “) and senior management, to keep the Audit Committee of the Board of Directors informed and briefed with respect to cybersecurity risks and risks. Our VP of Business Operations and Strategy has extensive experience of over 20 years in various IT roles across a range of cyber technologies, processes and strategies and is supported by the IT Security Team and the wider IT team, to support the Company’s cyber risk management processes, including the prevention, detection and mitigation of cybersecurity threats and incidents, and any required response to and remediation of such cybersecurity threats or incidents. Governance The Audit Committee is responsible for providing governance and oversight over the Company’s operational cybersecurity program, risk management and incident response on behalf of the Board. On a periodic basis, management will report the results of any risk assessments, including the evaluation of any cybersecurity risks, and the actions that the Company has taken to mitigate these risks. This includes assessing the measures and controls in place to mitigate cybersecurity risks and providing oversight of the response of any significant cybersecurity threats and incidents.

Company Information