ThreatNG Security


Executive Compensation (SEC DEF 14A)

In the context of the SEC's DEF 14A filing (Definitive Proxy Statement), Executive Compensation refers to the disclosure of how a public company pays its top executives. This mandatory section gives shareholders transparency into how the company rewards its leadership team.

Here's a breakdown of what's typically included in the Executive Compensation section of a DEF 14A:

  • Summary Compensation Table: This table details the total compensation for each Named Executive Officer (NEO) for each of the last three fiscal years. It typically includes base salary, bonus pay, stock and option awards, non-equity incentive plan compensation, and other benefits.

  • Narrative Disclosure: This section explains the company's compensation philosophy more thoroughly. It describes how the company sets executive pay levels, what factors are considered (performance, industry standards, etc.), and how the compensation structure aligns with its long-term strategy.

  • Compensation Discussion and Analysis (CD&A): This section details the rationale behind the compensation committee's decisions on executive pay. It explains which factors the board considered in setting pay that is competitive yet aligned with the company's performance and shareholder interests. (Director pay is reported separately, in a Director Compensation table.)

Why is Executive Compensation Disclosed in DEF 14A?

The SEC mandates this disclosure to promote transparency and accountability in how public companies compensate their top executives. Shareholders have a right to know how the company spends its money and whether executive pay aligns with its performance.

What do Shareholders do with this Information?

Shareholders can use the information in the Executive Compensation section to:

  • Vote on an Advisory Say-on-Pay Proposal: Companies subject to the say-on-pay rule must hold a non-binding shareholder vote on their executive compensation package at least once every three years, and it is included in the DEF 14A. It allows shareholders to express their opinion on whether the compensation is fair and reasonable.

  • Evaluate the Alignment of Interests: Shareholders can assess if the company's compensation structure incentivizes executives to make decisions that are in the company's and its shareholders' best interests over the long term.

By requiring disclosure of Executive Compensation in DEF 14A filings, the SEC aims to promote better corporate governance and ensure that executive pay reflects company performance and shareholder value.

ThreatNG's analysis of the Executive Compensation section of DEF 14A filings can offer insights beyond the financial figures. Here is how it can benefit organizations:

1. Potential Conflicts of Interest:

  • Identifying Incentive Misalignment: ThreatNG can analyze executive compensation structures within a vendor's DEF 14A filing. By understanding how executives are rewarded, you can locate potential misalignments that could incentivize risky behavior. For example, focusing on short-term stock options might encourage cutting corners on security investments.

  • Uncovering Potential Bribery or Corruption Risks: In extreme cases, analyzing compensation structures alongside other red flags within the same DEF 14A filing (for example, related-party transactions disclosed elsewhere in the proxy) might raise concerns about potential bribery or corruption within a vendor's organization.

2. Improved Third-Party Risk Management (TPRM):

  • Evaluating Vendor Leadership Focus: ThreatNG can reveal a vendor's emphasis on cybersecurity within its executive compensation structure. If cybersecurity performance metrics are absent or de-emphasized in compensation plans, it might indicate a lack of leadership commitment to security, potentially leading to higher risks. Treat this as an indirect signal rather than a finding: corroborate it with the vendor's cybersecurity governance disclosure in its Form 10-K (Item 1C, required under Regulation S-K Item 106) and with direct security assessments.

  • Informing Risk-Based Decisions: ThreatNG can provide additional data points to support your risk assessments of potential vendors. Understanding their compensation structure can give insights into their risk culture and help you make more informed partnership decisions.

3. Enhanced Supply Chain Risk Management:

  • Identifying Systemic Weaknesses: ThreatNG can analyze executive compensation structures across multiple vendors within your supply chain. It can reveal patterns of misaligned incentives or lack of focus on cybersecurity within the broader ecosystem, potentially highlighting areas of systemic weakness.

  • Prioritizing Remediation Efforts: By comparing the compensation structures of various suppliers, ThreatNG can help prioritize which vendors warrant the closest security scrutiny and the most urgent follow-up within your supply chain.

4. Integration with Security, GRC, and Risk Management Solutions:

ThreatNG's insights from DEF 14A filings can be integrated with other solutions to create a more comprehensive risk picture. Here are some examples:

  • Security Ratings Platforms: ThreatNG can feed information about a vendor's executive compensation structure and potential incentive misalignments into security ratings platforms, providing a more holistic assessment of their security posture.

  • Contract Management Systems: ThreatNG's insights can inform contract negotiations with vendors. If the DEF 14A filing reveals misaligned incentives, you might seek contractual guarantees around cybersecurity investments or performance metrics.

  • Governance, Risk, and Compliance (GRC) Platform: ThreatNG can enrich the risk context within your GRC platform by incorporating information from DEF 14A filings related to executive compensation. It allows for a more effective risk management strategy that considers leadership focus and potential conflicts.

Example: A Healthcare Provider and its Software Vendor

  • A healthcare provider uses ThreatNG to analyze the DEF 14A filings of its electronic health records (EHR) software vendor (a publicly traded company; privately held vendors do not file proxy statements, so this analysis does not apply to them).

  • ThreatNG identifies that the vendor's CEO receives a significant portion of their compensation in stock options, with bonuses heavily tied to exceeding quarterly sales targets. There's minimal mention of cybersecurity metrics or performance incentives.

  • This information is integrated with the healthcare provider's GRC platform and contract management system.

  • The GRC platform flags potential incentive misalignment within the vendor, raising concerns that short-term sales goals could overshadow security.

  • The contract management system is used to negotiate revised terms with the vendor: defined security obligations and reporting, and a request that the vendor tie executive incentives to cybersecurity performance metrics.
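The vendor check walked through above, written out as an added example rather than ThreatNG's own code: a heuristic scan of proxy text that looks for short-term sales metrics and for cybersecurity metrics in the CD&A, and computes each officer's option-award share of total pay from the Summary Compensation Table. The sample proxy text, the section headings, and the two-space column layout of the table are constructed assumptions; real filings come from EDGAR as HTML and need a proper parser, and the absence of a keyword is a weak signal to corroborate, not a finding.

```python
"""Heuristic scan of a DEF 14A proxy statement for cybersecurity-linked executive pay.

Added example, not ThreatNG's code. Assumes the proxy has already been fetched
from EDGAR and flattened to plain text with one section heading per line, and that
the Summary Compensation Table columns are separated by two or more spaces.
"""
import re
from dataclasses import dataclass, field

# Constructed sample standing in for a vendor's proxy statement (not a real filing).
SAMPLE_PROXY = """\
COMPENSATION DISCUSSION AND ANALYSIS
The annual cash bonus for our Chief Executive Officer is earned on achievement
of quarterly bookings and revenue targets, weighted at 70%, and new customer
acquisition, weighted at 30%. Long-term incentives are delivered as stock
options vesting ratably over three years.

SUMMARY COMPENSATION TABLE
Name and Principal Position  Year  Salary  Bonus  Option Awards  Total
J. Doe, Chief Executive Officer  2024  800,000  1,200,000  4,500,000  6,500,000
A. Roe, Chief Financial Officer  2024  500,000  400,000  1,100,000  2,000,000

DIRECTOR COMPENSATION
Non-employee directors receive an annual cash retainer of 75,000.
"""

# Assumed heading spellings; real proxies vary and would need a broader list.
HEADINGS = ("COMPENSATION DISCUSSION AND ANALYSIS", "SUMMARY COMPENSATION TABLE",
            "DIRECTOR COMPENSATION", "PAY VERSUS PERFORMANCE")
SECURITY_TERMS = ("cybersecurity", "cyber security", "information security",
                  "security incident", "data breach", "security metric")
SHORT_TERM_TERMS = ("quarterly", "bookings", "revenue target", "sales target",
                    "annual cash bonus")


@dataclass
class ScanResult:
    security_evidence: list = field(default_factory=list)
    short_term_evidence: list = field(default_factory=list)
    option_share: dict = field(default_factory=dict)  # officer -> option awards / total

    @property
    def misaligned(self) -> bool:
        """Flag only when short-term metrics appear and security metrics do not."""
        return bool(self.short_term_evidence) and not self.security_evidence


def split_sections(text: str) -> dict:
    """Map each known heading to the text that follows it up to the next heading."""
    sections, current, buf = {}, None, []
    for line in text.splitlines():
        if line.strip() in HEADINGS:
            if current is not None:
                sections[current] = "\n".join(buf)
            current, buf = line.strip(), []
        elif current is not None:
            buf.append(line)
    if current is not None:
        sections[current] = "\n".join(buf)
    return sections


def sentences_with(body: str, terms) -> list:
    """Return the sentences of body that contain any of the terms (case-insensitive)."""
    flat = " ".join(body.split())
    return [s.strip() for s in re.split(r"(?<=[.;])\s+", flat)
            if any(t in s.lower() for t in terms)]


def option_shares(table: str) -> dict:
    """Option awards as a fraction of total pay, per row of the constructed SCT layout."""
    rows = [re.split(r" {2,}", r.strip()) for r in table.splitlines() if r.strip()]
    if not rows:
        return {}
    header = rows[0]
    col_opt, col_total = header.index("Option Awards"), header.index("Total")
    to_int = lambda s: int(s.replace(",", ""))
    out = {}
    for row in rows[1:]:
        if len(row) != len(header):
            continue  # skip wrapped or malformed rows rather than misparse them
        out[row[0]] = round(to_int(row[col_opt]) / to_int(row[col_total]), 3)
    return out


def scan_proxy(text: str) -> ScanResult:
    sections = split_sections(text)
    cda = sections.get("COMPENSATION DISCUSSION AND ANALYSIS", "")
    sct = sections.get("SUMMARY COMPENSATION TABLE", "")
    return ScanResult(
        security_evidence=sentences_with(cda, SECURITY_TERMS),
        short_term_evidence=sentences_with(cda, SHORT_TERM_TERMS),
        option_share=option_shares(sct),
    )


if __name__ == "__main__":
    result = scan_proxy(SAMPLE_PROXY)
    print("potential incentive misalignment:", result.misaligned)
    for officer, share in result.option_share.items():
        print(f"{officer}: {share:.0%} of total pay in option awards")
    for sentence in result.short_term_evidence:
        print("short-term metric:", sentence)
```

The `misaligned` flag is deliberately conservative: it only fires when the CD&A ties pay to short-term sales metrics and says nothing about security, which is the pattern in the walkthrough above. A proxy that mentions both is left for a human to read, since a keyword count cannot tell how much weight a cybersecurity metric actually carries.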

By analyzing executive compensation structures alongside traditional security measures, ThreatNG helps organizations better understand a vendor's risk culture and leadership priorities, and supports building a more resilient security posture across the supply chain.