Movano Inc. 10-K Cybersecurity GRC - 2025-04-09

Page last updated on April 9, 2025

Movano Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-09 17:09:07 EDT.

Filings

10-K filed on 2025-04-09

Movano Inc. filed a 10-K at 2025-04-09 17:09:07 EDT
Accession Number: 0001213900-25-030345

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We operate in the technology and general wellness, continuous glucose and blood pressure monitoring sectors, which are subject to various cybersecurity risks that could adversely affect our business, financial condition, and results of operations, including intellectual property theft; fraud; extortion; harm to employees or customers; violation of privacy laws and other litigation and legal risk; and reputational risk. We have implemented a risk-based approach to identify and assess the cybersecurity threats that could affect our business and information systems. Our processes also include assessing cybersecurity threat risks associated with our use of third-party services providers in normal course of business use. Third-party risks are included within our cybersecurity risk management processes discussed above. In addition, we assess cybersecurity considerations in the selection and oversight of our third-party services providers, including due diligence on the third parties that have access to our systems and facilities that house systems and data. Our business depends on the availability, reliability, and security of our information systems, networks, data, and intellectual property. Any disruption, compromise, or breach of our systems or data due to a cybersecurity threat or incident could adversely affect our operations, customer service, product development, and competitive position. They may also result in a breach of our contractual obligations or legal duties to protect the privacy and confidentiality of our stakeholders. Such a breach could expose us to business interruption, lost revenue, ransom payments, remediation costs, liabilities to affected parties, cybersecurity protection costs, lost assets, litigation, regulatory scrutiny and actions, reputational harm, customer dissatisfaction, or harm to our vendor relationships. Cybersecurity Governance and Oversight Our board of directors oversees our cybersecurity risk management as part of its general oversight function. We maintain security controls that are continuously reviewed to protect against emerging cyber threats. At the Company level, we employ third party consultants to lead our efforts developing, implementing and maintaining these security controls and monitoring and minimizing the risks related to cybersecurity threats. These consultants regularly report to senior management, who is responsible for keeping our board of directors apprised of all material developments. Our Vice President of Engineering is primarily responsible for the cybersecurity controls and risk mitigation with respect to the products and services we offer our customers and those in development, including satisfying the rigorous requirements needed to achieve FDA clearance when applicable. Our Vice President of Engineering reports directly to our CEO and provides senior management with periodic updates regarding cybersecurity matters concerning our products and services. To manage our material risks from cybersecurity threats and to protect against, detect, and prepare to respond to cybersecurity incidents, we undertake the below listed activities: ● Implement third party cybersecurity testing (including penetration testing) of any new product feature developed prior to release; ● Maintain firewall and virus protection software; and ● Maintain a cybersecurity insurance policy. Our cybersecurity incident response processes are designed to escalate certain cybersecurity incidents to designated employees depending on the circumstances, including in some cases to our executive team. The board of directors receives periodic reports from management concerning our cybersecurity risk management program. As of the date of this Annual Report on Form 10-K, we are not aware of any cybersecurity threats that have materially affected, or are reasonably likely to materially affect, our business strategy, results of operations or financial position.

Company Information