Blink Charging Co. 10-K Cybersecurity GRC - 2025-04-08

Page last updated on April 9, 2025

Blink Charging Co. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-08 19:55:49 EDT.

Filings

10-K filed on 2025-04-08

Blink Charging Co. filed a 10-K at 2025-04-08 19:55:49 EDT
Accession Number: 0001641172-25-003286

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. Our management recognizes the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, and manages those risks with a risk-management cybersecurity program. Among other things, these risks include operational risks, financial system risks, physical security risks, intellectual property theft, fraud, extortion, violation of data privacy and security laws, and harm to employees, drivers, site hosts, and property owners. Our capabilities and data, as well as those of our customers, suppliers, partners, and service providers, are critical to our operations and may contain confidential personal information, sensitive business-related information, or intellectual property. These capabilities are also susceptible to interruptions (including those caused by systems failures, cyber-attacks, and other natural or man-made incidents or disasters), which may be prolonged or go undetected. For additional information regarding risks from cybersecurity threats, please refer to Item 1A, “Risk Factors,” in this Annual Report on Form 10-K. Risk Management and Strategy We aim to incorporate industry best practices throughout our cybersecurity program and have live data recovery and breach policies in place. Our cybersecurity strategy focuses on implementing effective and efficient controls, technologies, and other processes to assess, identify, and manage material cybersecurity risks. Our cybersecurity program is designed to be aligned with applicable industry standards and is evaluated annually as a part of our Sarbanes-Oxley information technology control testing procedures. We have processes to assess, identify, manage, and address material cybersecurity threats and incidents. These include annual and ongoing security awareness training for employees, vulnerability scanning, code reviews, annual pen testing of the network and charging stations, and third-party risk assessments, among others. We actively engage with industry groups for benchmarking and best practices awareness. While we are unaware of having been subjected to or impacted by a significant cybersecurity threat to date, we monitor internally discovered or externally reported issues that may affect our products and services and have processes to assess those issues for potential cybersecurity impact or risk. We also have a process to manage cybersecurity risks associated with third-party service providers. We impose industry-standard security requirements upon our suppliers, including that they maintain an effective security management program; abide by information handling and asset management requirements; and notify us of any known or suspected cyber incident, among others. We obtain and review our third-party service providers’ SOC 1 Type II reports for appropriate information technology controls, including security, to ensure that they adhere to these standards, when available. Cybersecurity Governance Cybersecurity is an integral part of our risk management processes and a significant area of focus for the Board of Directors and management team. The Audit Committee is responsible for the cybersecurity component of our IT operations, and the Audit Committee reviews the status of ongoing efforts and incidents at every Board of Directors meeting. 27

Company Information