{"url_path":"/sec/jetbf/10-k/2026/item-1c","section_key":"item-1c","section_title":"Item 1C CYBERSECURITY","topic":"sec","document":{"doc_type":"10-K/A","doc_date":"2026-06-10","source_url":"https://www.sec.gov/Archives/edgar/data/1846084/0001193125-26-265739-index.html","accession_number":"0001193125-26-265739","cik":"0001846084","ticker":"JETBF","issuer_name":"Global Crossing Airlines Group Inc.","edgar_url":"https://www.sec.gov/Archives/edgar/data/1846084/0001193125-26-265739-index.html","primary_entity_key":"0001846084","primary_entity_name":"Global Crossing Airlines Group Inc."},"word_count":373,"has_tables":true,"body_markdown":"ITEM 1C. CYBERSECURITY\n\n \n\nGlobalX’s Audit Committee, comprising board members and senior management from various departments including IT, operations, legal, risk management, and others, diligently engage in regular cybersecurity risk assessments. These comprehensive assessments are designed to proactively identify potential threats, vulnerabilities, and risks that could impact the integrity and security of the company’s airline systems, data infrastructure, and operational continuity. Evaluations span critical areas such as safeguarding flight systems, protecting passenger data, and mitigating operational disruptions.\n\n \n\nMoreover, the Audit Committee remains committed to providing timely updates and detailed reports, offering insights into the airline’s cybersecurity posture, ongoing initiatives, prevalent incident trends, and active remediation efforts. These reports are meticulously crafted, incorporating key metrics, performance indicators, and actionable recommendations aimed at continual enhancement.\n\n \n\nThe Board of Directors (the “Board”) conducts periodic reviews of GlobalX’s cybersecurity policies, procedures, and controls. These reviews are pivotal in ensuring the ongoing effectiveness of the company’s cybersecurity framework and its alignment with emerging threats and evolving industry best practices. Regular updates are meticulously implemented in an effort to fortify the company’s cybersecurity resilience in response to emerging risks and evolving regulatory requirements.\n\n \n\nOn May 5, 2025, the Company learned of unauthorized activity within its computer networks and systems supporting portions of its business applications, which the Company determined to be the result of a cybersecurity incident. Upon learning of this activity, the Company immediately (1) activated its incident response protocols and third-party cybersecurity experts to assist with containment and mitigation activities and to investigate the nature and scope of the incident and (2) took actions to contain and isolate the affected servers and prevent further intrusion. The Company also promptly notified law enforcement and fully coordinated with them.\n\n \n\nThe Company conducted an investigation and concluded that none of its operations were disrupted or negatively impacted by the incident or resulted in any material effect on the Company, or its financial condition or results of the operation. In addition, the Company has complied with all federal, state and local requirements for disclosure in regards to the incident.\n\n \n\nAs of December 31, 2025, and 2024, GlobalX remains proud to report that it has not encountered any cybersecurity incidents that have materially impacted, or are reasonably likely to materially impact, the Company."}