VEEA INC. 10-K Cybersecurity GRC - 2025-04-15

Page last updated on April 15, 2025

VEEA INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-15 17:28:36 EDT.

Filings

10-K filed on 2025-04-15

VEEA INC. filed a 10-K at 2025-04-15 17:28:36 EDT
Accession Number: 0001213900-25-032215

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. We manage cybersecurity and data protection through a continuously evolving framework, as described in further detail below. The framework allows us to identify, assess and mitigate the risks we face, and assists us in establishing policies and safeguards to protect our systems and the information of those we serve. 49 Risk Management Strategy The Company’s cybersecurity risk management program is focused on the following key areas: ● Governance: Our Audit Committee of our Board of Directors has oversight of our cybersecurity program and is in the process of implementing procedures to obtain regular updates on our cybersecurity program, including recent developments, key initiatives to strengthen our systems, applicable industry standards, vulnerability assessments, third-party and independent reviews, and other information security considerations. Our cybersecurity program is led by Mohan Gundu, our Senior Vice President of Engineering and Cloud Platform. Mr. Gundu holds an MBA in Business Administration from Babson College, a Master of Science in Computer Science from Worcester Polytechnic Institute and a Bachelor of Technology in Electronics and Communication from Jawaharlal Nehru Technological University. Mr. Gundu has over 20 years of development experience focused on architecture and security. Mr. Gundu has led transformative projects, cultivated cybersecurity awareness and promoted holistic cybersecurity practices that were aligned with policies defined and approved by management. Mr. Gundu and his team are dedicated to integrating security into development, ensuring robust cloud security, enforcing security policies, and driving shift-left practices with operational excellence at the Company. ● Approach: We use a cross-functional approach to identifying, preventing, assessing, and mitigating cybersecurity threats and incidents, while also implementing controls and procedures that are designed to provide for the prompt escalation of cybersecurity incidents and support appropriate public disclosure and reporting of incidents as required in a timely manner. Our cybersecurity efforts include the use of risk-based administrative, technical, and physical controls. Veea has implemented policies, procedures, systems and tools designed to help safeguard our systems and data, including firewalls, intrusion detection systems, access controls including multi-factor authentication, vulnerability scanning, penetration testing, independent third-party control audits, and other systems and processes. ● Incident Response Planning: We maintain a breach reporting and resolution plan that includes defined processes, roles, communications, responsibilities and procedures for responding to cybersecurity incidents and other events that impact our operations. Our incident response plans are tested and evaluated on a regular basis. ● Third-Party Risk Management: Our business relies on various services from third party service providers that could adversely impact the security of our systems and business. We have implemented processes designed to identify and assess cybersecurity risks associated with our use of third-party service providers. ● Education and Awareness: We provide various training programs and tools to employees so they can avoid risky practices and help us promptly identify potential or actual issues. We also have global incident response procedures, global service tools to log incidents and issues for investigation, and an ethics line to report concerns and follow up on matters already reported. The Compliance team, led by our Chief Technology Officer, develops and implements our strategy, as well as monitors systems and devices for risks and threats. We regularly review and update our policies, procedures, processes and practices to address changes in the threat landscape and as a result of lessons learned from suspected, actual or simulated incidents. We also conduct tabletop exercises and engage third party services to conduct evaluations of our security controls through penetration testing and independent audits. We also review industry best practices to assist in evaluating responses to new challenges and risks. These evaluations include testing both the design and operational effectiveness of security controls. Cybersecurity Risks While we dedicate resources and efforts to our cybersecurity program, we may be unable to successfully identify threats, prevent attacks, satisfactorily resolve cybersecurity incidents, or implement adequate mitigating controls. Any breach of our network security and information systems or other cybersecurity-related incidents that results in, or may result in, the loss, theft or unauthorized disclosure of data, or any delay in determining the full extent of a potential breach, could have a material adverse impact on our business, results of operations, and financial condition, including harm to our reputation and brand, reduced demand for our solutions, time-consuming and expensive litigation, fines, penalties, and other damages. To date and except as otherwise may be noted in this Annual Report, we do not believe that any cybersecurity threats, including as a result of any previous cybersecurity incidents have materially affected, or are reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition. For more information relating to cybersecurity risks and uncertainties, please see the risk factor entitled “Cybersecurity incidents may have a material adverse effect on Veea’s business, operations, financial performance, customer and vendor relationships, reputation and brand.” in Part I, Item 1A, and other risk factors in this 10-K.

Company Information