ThreatNG Security

Executive Compensation (SEC 10-K)

The Executive Compensation section in a 10-K filing discloses the compensation details for a company's top executives. This disclosure is mandated by the SEC and aimed at increasing transparency and investor confidence in how companies compensate their leadership.

Here's a breakdown of what's typically included in the Executive Compensation section of a 10-K filing:

  • Summary Compensation Table: This table summarizes the total remuneration given to the Chief Executive Officer (CEO), Chief Financial Officer (CFO), and the three highest-paid executives for the previous three fiscal years. Compensation is usually divided into base pay, bonuses, stock options, and other benefits.

  • Detailed Compensation Discussion and Analysis (CD&A): This section explains the rationale behind the compensation packages for the named executives. It should explain how the compensation aligns with the company's performance and long-term strategy.

Why is Executive Compensation Disclosed in 10-K?

The SEC requires this disclosure to address investor concerns about excessive executive compensation. Investors have a right to understand how a company's compensation practices align with shareholder value creation.

What do Investors do with this Information?

Investors can use the information in the Executive Compensation section to:

  • Assess Alignment of Pay with Performance: Investors can evaluate whether executive compensation is tied to the company's financial performance and strategic goals.

  • Compare Compensation Practices: Investors can compare executive compensation packages across different companies within the same industry.

  • Vote on Say-on-Pay Proposals: Some companies allow shareholders to vote on executive compensation packages through a "say-on-pay" proposal. The information in the 10-K filing can inform their voting decisions.

By requiring disclosure of Executive Compensation in 10-K filings, the SEC aims to promote transparency and encourage responsible compensation practices within public companies. It protects investor interests and aligns executive pay with company performance.

ThreatNG's capability to analyze "Executive Compensation" sections within 10-K filings goes beyond understanding pay structures. Here's how it can benefit organizations in various aspects of security and risk management:

1. Identifying Potential Conflicts of Interest:

  • Misaligned Incentives and Security Risks: ThreatNG can analyze compensation structures within a vendor's 10-K filing. By understanding how executives are rewarded, you can identify potential misalignments that could incentivize risky behavior. For example, focusing on short-term stock options might encourage cutting corners on security investments.

  • Uncovering Potential Bribery or Corruption Risks: In extreme cases, analyzing compensation structures alongside other red flags within a vendor's 10-K filing might raise concerns about potential bribery or corruption within their organization, indirectly impacting your security posture.

2. Improved Third-Party Risk Management (TPRM):

  • Evaluating Vendor Leadership Focus on Security: ThreatNG can reveal a vendor's emphasis on cybersecurity within its executive compensation structure, as mentioned in its 10-K filing. If cybersecurity performance metrics are absent or de-emphasized in compensation plans, it might indicate a lack of leadership commitment to security, potentially leading to higher risks.

  • Informing Risk-Based Decisions: ThreatNG can provide additional data points to support your risk assessments of potential vendors. Understanding their compensation structure and potential incentive misalignments can help you make more informed partnership decisions.

3. Stronger Supply Chain Risk Management:

  • Identifying Systemic Weaknesses: ThreatNG can analyze executive compensation structures across multiple vendors within your supply chain using their 10-K filings. It allows you to identify patterns of misaligned incentives or lack of focus on cybersecurity within the broader ecosystem, potentially highlighting areas of systemic weakness.

  • Prioritizing Remediation Efforts: By understanding the compensation structures and priorities of various suppliers revealed in their 10-K filings, ThreatNG can help prioritize which vendors require the most urgent attention regarding security improvements within your supply chain.

4. Integration with Security, GRC, and Risk Management Solutions:

ThreatNG's 10-K filing insights can be combined with those from other solutions to produce a more thorough risk profile. Here are a few examples:

  • Security Ratings Platforms: ThreatNG can feed information about a vendor's executive compensation structure and potential incentive misalignments into security ratings platforms, providing a more holistic assessment of their security posture.

  • Contract Management Systems: ThreatNG's insights can inform contract negotiations with vendors. If the 10-K filing reveals misaligned incentives, you might seek contractual guarantees around cybersecurity investments or performance metrics.

  • Governance, Risk, and Compliance (GRC) Platform: ThreatNG can enrich the risk context within your GRC platform by incorporating information about executive compensation practices from 10-K filings. It allows for a more effective risk management strategy considering leadership focus and potential conflicts within your vendor ecosystem.

Example: A Manufacturing Company and its Semiconductor Supplier

  • A manufacturing company uses ThreatNG to analyze the 10-K filing of its primary semiconductor supplier.

  • According to ThreatNG, the supplier's CEO is paid mainly in stock options, with bonuses closely linked to meeting quarterly sales targets. The remuneration structure makes minimal reference to cybersecurity metrics or performance incentives.

  • This information is integrated with the company's GRC platform and contract management system.

  • The GRC platform flags potential incentive misalignment within the vendor, raising concerns that short-term sales goals are overshadowing security. The contract management system is used to negotiate revised terms with the vendor, requiring them to incorporate cybersecurity performance metrics into their executive compensation structure.

By analyzing executive compensation structures alongside traditional security measures, ThreatNG empowers organizations to better understand a vendor's priorities and potential risks. This allows for a more resilient security posture across the entire supply chain ecosystem.