{"url_path":"/sec/brls/10-k/2026/item-1","section_key":"item-1","section_title":"Item 1 C. Cybersecurity","topic":"sec","document":{"doc_type":"10-K","doc_date":"2026-06-02","source_url":"https://www.sec.gov/Archives/edgar/data/1852973/0001213900-26-063777-index.html","accession_number":"0001213900-26-063777","cik":"0001852973","ticker":"BRLS","issuer_name":"Borealis Foods Inc.","edgar_url":"https://www.sec.gov/Archives/edgar/data/1852973/0001213900-26-063777-index.html","primary_entity_key":"0001852973","primary_entity_name":"Borealis Foods Inc."},"word_count":479,"has_tables":true,"body_markdown":"Item\n1.C. Cybersecurity\n\n** **\n\nWe maintain processes designed to assess, identify,\nand manage material risks from cybersecurity threats. These processes are integrated into our broader enterprise risk management activities\nand are overseen by our Director of Operations, with support from external information technology consultants.\n\n \n\nOur cybersecurity risk management processes include:\n\n \n\n●periodic\nrisk assessments designed to identify cybersecurity threats relevant to our operations, information\nsystems, and data;\n\n \n\n●use\nof firewalls, endpoint detection, multi-factor authentication, and access controls to protect\nour information technology environment;\n\n \n\n●periodic\ncybersecurity awareness training for employees;\n\n \n\n●incident\nresponse procedures designed to enable identification, containment, and remediation of cybersecurity events; and\n\n \n\n●evaluation of cybersecurity risks associated with our use\nof third-party service providers, including cloud-based platforms used in our operations, marketing, and financial reporting processes.\n\n \n\n30\n\n \n\nWe engage third-party information technology\nconsultants to assist with monitoring, vulnerability assessments, and incident response support. We do not currently maintain a dedicated\ninternal cybersecurity function, which reflects our current size and stage of development.\n\n \n\nWe have experienced cybersecurity incidents in\nthe past. While such incidents have not had a material impact on our business, results of operations, or financial condition to date,\nthere can be no assurance that future incidents will not have a material adverse effect. We continue to evaluate and seek to enhance our\ncybersecurity practices in light of evolving threats and our operational requirements.\n\n \n\nAs of the date of this Annual Report, we are not\naware of any cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company, including\nits business strategy, results of operations, or financial condition. However, as described in Part I, Item 1.A, “Risk Factors,”\nunder the heading “*Cybersecurity incidents or disruptions to our information technology systems could adversely affect our business*,”\ncybersecurity risks could, in the future, materially affect the Company.\n\n \n\n**Governance**\n\n \n\n*Board Oversight*\n\n \n\nOur Board of Directors is responsible for oversight\nof risks from cybersecurity threats. The Board receives periodic updates from management regarding cybersecurity matters, including the\nstatus of any material cybersecurity incidents, the results of risk assessments, and any changes to the Company’s cybersecurity risk profile.\n\n* *\n\n*Management’s Role*\n\n \n\nOur Director of Operations, Mike Wells, oversees\nthe Company’s day-to-day coordination of cybersecurity matters and works with external service providers and consultants responsible\nfor identifying, assessing and responding to cybersecurity risks and incidents. Management relies on the expertise of these external\nproviders for technical cybersecurity monitoring, support and incident response capabilities.\n\n \n\nThe Company relies significantly on third-party\nservice providers and external information technology consultants to support its information technology infrastructure and cybersecurity\nfunctions, including network monitoring, system maintenance, data protection, and cybersecurity risk management.\n\n \n\nManagement is responsible for implementing and maintaining the Company’s\ncybersecurity risk management processes, including incident response procedures, and for reporting material cybersecurity matters to the\nBoard on a periodic basis or on an accelerated basis in the event of a material or potentially material incident"}