KORE Group Holdings, Inc. - (KORE)
10-K Filing Date: April 15, 2024
We recognize the critical importance of maintaining the safety and security of our systems and data and have a process for overseeing and managing cybersecurity and related risks, which is supported by both management and our Board.
Our cybersecurity functions are led by our Chief Technology Officer (“CTO”), who reports to our Chief Executive Officer. Our Senior Director - Global Security (“SDGS”), under the direction of the CTO, is responsible for overseeing our cybersecurity management program and the protection and defense of our networks and systems. The SDGS manages a team of cybersecurity professionals with broad experience and expertise, including in cybersecurity threat assessments and detection, mitigation technologies, cybersecurity training, incident response, cyber forensics, insider threats and regulatory compliance.
Our Board is responsible for overseeing our enterprise risk management activities in general, and each of our Board committees assists the Board in its role of risk oversight. The full Board receives an update on the Company’s risk management process and the risk trends related to cybersecurity at least annually from the CTO. The audit committee of the Board (the “Audit Committee”) specifically assists the Board in its oversight of risks related to cybersecurity. To help ensure effective oversight, the Audit Committee receives an update on cybersecurity from the CTO on an as-needed basis.
Our approach to cybersecurity risk management includes the following key elements:
Internal Audit Program – We operate an internal audit program. On an annual basis, our internal audit team conducts an overall business risk assessment, which includes an evaluation of cybersecurity risks. Included in this evaluation is a report on our cybersecurity posture and related matters that is presented to the leaders of the relevant business teams, who are responsible for prioritizing and addressing the risks identified.
Internal training and awareness – We provide training to our employees to help identify, avoid, and mitigate the risk from cybersecurity threats. Our employees are required to complete required cybersecurity awareness training upon hiring and also participate annually in required cybersecurity awareness training, unless on a leave of absence.
Vendor risk management program – We have implemented processes to identify and manage risks from cybersecurity threats associated with our use of third-party service providers. Our vendor risk management program establishes governance, processes and tools for managing various risks related to third-party service providers, including information security and supplier-related risks. As a condition of working with KORE, suppliers who access sensitive business or customer information are expected to meet certain information security requirements.
As of December 31, 2023, we have not identified risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. We are committed to investing in cybersecurity and to enhancing our internal controls and processes, which are designed to help protect our systems and information. For more information regarding the risks we face from cybersecurity threats, please see Part I, Item 1A, — “Risk Factors”.