XML 23 R12.htm IDEA: XBRL DOCUMENT v3.25.3
Cybersecurity Risk Management, Strategy, and Governance
 12 Months Ended
Sep. 30, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Item 1C. Cybersecurity

Cybersecurity Risk Management and Strategy

At Genasys, cybersecurity risk management is integrated into our overall risk management program through regular internal risk assessments and continuous monitoring. Under the leadership of the Information Technology (“IT”) Director, IT developed, implemented, and maintain a broad range of processes and protocols designed to monitor, identify, mitigate, and prevent material risks associated with cybersecurity threats and incidents relevant to internal networks, business applications, customer-facing applications, customer payment systems, and business operations. Our protocols include a third-party provided 24/7 Security Operations Center (SOC), which is designed to oversee our Endpoint Detection and Response (EDR) system and a robust Security Information and Event Management (SIEM) system that aggregates logs for real-time threat detection.

Our cybersecurity risk management program applies information and direction from industry-recognized cybersecurity frameworks, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0 (CSF), specifically the NIST 800-171, the Department of Defense Cybersecurity Maturity Model Certification (CMMC) Level 2, Sarbanes Oxley (SOX), and Services Organization Controls (SOC) 2. Risks from cybersecurity threats associated with the Company’s use of third-party service

providers are managed through vendor assessments and SOC 2 report requests, designed to ensure that our partners adhere to strict cybersecurity standards.

Notwithstanding the foregoing, we have not identified and are not aware of any risks from cybersecurity threats, including as a result of any prior cybersecurity incidents, which have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. Despite our security measures, however, there can be no assurance that we, or third parties with which we interact, will not experience a cybersecurity incident in the future that will materially affect us. See “Risk Factors – Actual or perceived failures or breaches of our information and security systems, or those of our customers, suppliers or business partners, could expose us to losses.”

Cybersecurity Governance

Board Oversight

Our Board of Directors considers cybersecurity risk as critical to the enterprise and includes it as part of the full Board’s oversight function. The full Board is updated on cybersecurity risks and compliance with relevant standards and regulations as part of its overall governance responsibilities, including quarterly Board meeting reports. Our Director of IT, who is responsible for the oversight and implementation of the cybersecurity program, also periodically makes presentations to Board members on cybersecurity topics as part of the Board’s continuing education on topics that impact our company. Additionally, we have an escalation process to inform the Board of high-severity cybersecurity incidents that may occur. Our Board also periodically engages independent third-party technology experts to test our information technology systems, including cybersecurity.

Management Role

The Director of IT leads the day-to-day management of cybersecurity at Genasys, supported by a team of two IT professionals with a combined 45 years of IT and cybersecurity experience. This team handles ongoing risk assessments, manages threat detection through our SOC and Security Information and Event Management (SIEM), ensures compliance with industry regulations, and informs executive management about ongoing efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means. This may include briefings from internal security personnel; sharing publicly or privately available threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and forwarding alerts and reports produced by network monitoring and security tools we deploy. Management also ensures that employees and contractors undergo quarterly cybersecurity training and phishing simulations, as part of a comprehensive awareness program.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] At Genasys, cybersecurity risk management is integrated into our overall risk management program through regular internal risk assessments and continuous monitoring.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Board Oversight

Our Board of Directors considers cybersecurity risk as critical to the enterprise and includes it as part of the full Board’s oversight function. The full Board is updated on cybersecurity risks and compliance with relevant standards and regulations as part of its overall governance responsibilities, including quarterly Board meeting reports. Our Director of IT, who is responsible for the oversight and implementation of the cybersecurity program, also periodically makes presentations to Board members on cybersecurity topics as part of the Board’s continuing education on topics that impact our company. Additionally, we have an escalation process to inform the Board of high-severity cybersecurity incidents that may occur. Our Board also periodically engages independent third-party technology experts to test our information technology systems, including cybersecurity.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Board of Directors considers cybersecurity risk as critical to the enterprise and includes it as part of the full Board’s oversight function.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The full Board is updated on cybersecurity risks and compliance with relevant standards and regulations as part of its overall governance responsibilities, including quarterly Board meeting reports.Additionally, we have an escalation process to inform the Board of high-severity cybersecurity incidents that may occur. Our Board also periodically engages independent third-party technology experts to test our information technology systems, including cybersecurity.
Cybersecurity Risk Role of Management [Text Block]

Management Role

The Director of IT leads the day-to-day management of cybersecurity at Genasys, supported by a team of two IT professionals with a combined 45 years of IT and cybersecurity experience. This team handles ongoing risk assessments, manages threat detection through our SOC and Security Information and Event Management (SIEM), ensures compliance with industry regulations, and informs executive management about ongoing efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means. This may include briefings from internal security personnel; sharing publicly or privately available threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and forwarding alerts and reports produced by network monitoring and security tools we deploy. Management also ensures that employees and contractors undergo quarterly cybersecurity training and phishing simulations, as part of a comprehensive awareness program.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our Director of IT, who is responsible for the oversight and implementation of the cybersecurity program, also periodically makes presentations to Board members on cybersecurity topics as part of the Board’s continuing education on topics that impact our company.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The Director of IT leads the day-to-day management of cybersecurity at Genasys, supported by a team of two IT professionals with a combined 45 years of IT and cybersecurity experience.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] This team handles ongoing risk assessments, manages threat detection through our SOC and Security Information and Event Management (SIEM), ensures compliance with industry regulations, and informs executive management about ongoing efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means. This may include briefings from internal security personnel; sharing publicly or privately available threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and forwarding alerts and reports produced by network monitoring and security tools we deploy. Management also ensures that employees and contractors undergo quarterly cybersecurity training and phishing simulations, as part of a comprehensive awareness program.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true