Joby Aviation, Inc. - (JOBY)

10-K Filing Date: February 27, 2024
Item 1C. Cybersecurity
Risk Management & Strategy
We have established a risk-based process for assessing, identifying and managing material cybersecurity threats. Our security program utilizes various tools, including physical, administrative and technical safeguards designed to help prevent and respond to cybersecurity threats and incidents. As risks are identified, we implement a variety of measures to manage and mitigate these risks such as firewalls, intrusion detection processes/systems, and vulnerability management. We have a Cyber Defense Center that utilizes incident response plans and various tools such as Splunk and Crowdstrike to respond and recover from cyber incidents. We also have an outside firm on retainer should the need arise to obtain additional assistance.
In addition, we have established an Information Security Awareness Program focused of several areas:
Formal training on topics such as phishing each month;
During Cyber Security Awareness month we provide additional training on topics like IT Policy, access management, and effective password management;
Company-wide informal training through lunch & learn sessions and department meetings;
Tabletop exercises with key personnel during which we simulate cybersecurity threats to test our capabilities and continually improve our response protocols.
We are actively engaged with the Aviation Information Sharing and Analysis Center (ISAC) which gathers, analyzes and shares information to combat cyber-related threats and weaknesses. We use this information to ensure we are aware of possible threats that could occur within our industry.
During the last three fiscal years, our business strategy, results of operations and financial condition have not been materially affected by risks from cybersecurity threats. For more information on our cybersecurity related risks, see Item 1A “Risk Factors” in this Annual Report on Form 10-K.
Governance
The Audit Committee of our Board of Directors is primarily responsible for oversight of the Company’s risk assessment and risk management, including cybersecurity risks. The committee meets at least annually with our Head of Information Technology, who provides a report on the Company’s current risk assessment as well as mitigation efforts. The Audit Committee also periodically updates the Board of Directors on risk matters.
Keith Moss, our Head of Information Technology, oversees our cybersecurity and information security program. He has over 30 years of experience in various CISO and information technology roles, and was previously the IT Director at Ford Motor Company North America. He holds a Master of Science in Computer Engineering and a Bachelor of Science in Computer Science from the University of Michigan and an MBA from Bowling Green State University.