v3.25.4
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

ITEM 1C - CYBERSECURITY

 

Risk Assessment and Strategy

 

Fuel Tech regularly evaluates cybersecurity risk from computer viruses and more sophisticated and targeted cyber-related attacks such as ransomware, as well as cybersecurity failures resulting from human error and technological errors. Such risks are reviewed by our Information Technology Steering Committee on a monthly basis, or more frequently if deemed appropriate. 

 

Our overall strategy in combatting known cybersecurity risks includes a variety of individual tactics, including:

 

 

the use of antivirus software, virtual private networks, email security, as well as other software to prevent and detect data intrusions.

 the use of Multi-Factor Authentication (MFA) to add another layer of protection to company accounts and sensitive data.
 

the deployment of updates and patches as they are available and maintaining the current versions of major software to reduce the exposure to vulnerabilities.

 

the use of third-party service to conduct quarterly mandatory online training for all employees regarding identifying and avoiding cyber-security risks.

 the use of monthly phishing prevention campaigns to stimulate and measure awareness in order to prevent incidents caused by human error.
 

the review of the security procedures used by third parties that may host or otherwise have access to Fuel Tech’s data.

 

the deployment of third-party cyber-security experts to perform annual penetration testing on our internal and external networks and systems in an effort to identify potential vulnerabilities.

 

if necessary, the use of third-party security experts if and when an incident is detected

 

We are not aware of having experienced any material cybersecurity incidents. We are not aware of any existent cybersecurity threats that would materially affect, or are reasonably likely to materially affect, our business strategy, results of operations or financial conditions.  For more information, please see “Cybersecurity” under Item 1A “Risk Factors” above.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Fuel Tech regularly evaluates cybersecurity risk from computer viruses and more sophisticated and targeted cyber-related attacks such as ransomware, as well as cybersecurity failures resulting from human error and technological errors. Such risks are reviewed by our Information Technology Steering Committee on a monthly basis, or more frequently if deemed appropriate.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] We are not aware of having experienced any material cybersecurity incidents. We are not aware of any existent cybersecurity threats that would materially affect, or are reasonably likely to materially affect, our business strategy, results of operations or financial conditions.
Cybersecurity Risk Board of Directors Oversight [Text Block]

Management Oversight

 

Day-to day management of cybersecurity threats is conducted by our Information Technology department which is charged with identifying and reporting threats to senior management. On a monthly basis, cybersecurity is reviewed by our Information Technology Steering Committee, which is comprised of our Chief Executive Officer, Chief Financial Officer, General Counsel and Head of Information Technology.

 

Board Oversight

 

The Audit Committee of our Board of Directors, which is composed of all non-employee directors, is responsible for oversight of management’s efforts to eliminate cybersecurity risks.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee of our Board of Directors, which is composed of all non-employee directors, is responsible for oversight of management’s efforts to eliminate cybersecurity risks.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee of our Board of Directors, which is composed of all non-employee directors, is responsible for oversight of management’s efforts to eliminate cybersecurity risks.
Cybersecurity Risk Role of Management [Text Block] Day-to day management of cybersecurity threats is conducted by our Information Technology department which is charged with identifying and reporting threats to senior management. On a monthly basis, cybersecurity is reviewed by our Information Technology Steering Committee, which is comprised of our Chief Executive Officer, Chief Financial Officer, General Counsel and Head of Information Technology.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Day-to day management of cybersecurity threats is conducted by our Information Technology department which is charged with identifying and reporting threats to senior management. On a monthly basis, cybersecurity is reviewed by our Information Technology Steering Committee, which is comprised of our Chief Executive Officer, Chief Financial Officer, General Counsel and Head of Information Technology.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Day-to day management of cybersecurity threats is conducted by our Information Technology department which is charged with identifying and reporting threats to senior management. On a monthly basis, cybersecurity is reviewed by our Information Technology Steering Committee, which is comprised of our Chief Executive Officer, Chief Financial Officer, General Counsel and Head of Information Technology.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Day-to day management of cybersecurity threats is conducted by our Information Technology department which is charged with identifying and reporting threats to senior management. On a monthly basis, cybersecurity is reviewed by our Information Technology Steering Committee, which is comprised of our Chief Executive Officer, Chief Financial Officer, General Counsel and Head of Information Technology.