AKTS Akoustis Technologies Inc

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

FORM 10-K/A

(Amendment No. 1)

(Mark One)

  ☒ ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the fiscal year ended June 30, 2024

or

  ☐ TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

For the transition period from ____________________ to ____________________

Commission file number: 001-38029

AKOUSTIS TECHNOLOGIES, INC.

(Exact name of registrant as specified in its charter)

Registrant’s telephone number, including area code: 1-704-997-5735

Securities registered under Section 12(b) of the Act:

Securities registered under Section 12(g) of the Act:

None

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes ☐   No ☒

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d) of the Exchange Act. Yes ☐   No ☒

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Exchange Act during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes ☒   No ☐

Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yes ☒   No ☐

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☐

If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements. ☐

Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b). ☐

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes ☐   No ☒

The aggregate market value of the registrant’s common stock, par value $0.001 per share (“Common Stock”), held by non-affiliates on December 31, 2023 was approximately $60.4 million. For purposes of this computation, shares of Common Stock held by all officers, directors, and any beneficial owners of 10% or more of the outstanding Common Stock were excluded because such persons may be deemed to be affiliates of the registrant. Such determination should not be deemed an admission that such persons are, in fact, affiliates of the registrant.

As of October 2, 2024, there were 154,590,918 shares of Common Stock issued and outstanding.

EXPLANATORY NOTE

Akoustis Technologies, Inc. (the “Company”) is filing this Amendment No. 1 on Form 10-K/A for the fiscal year ended June 30, 2024 to amend the Annual Report on Form 10-K that was originally filed on October 8, 2024 (the “Original Report”) to include Item 1C. Cybersecurity. This Amendment No. 1 also updates, amends and supplements Part IV, Item 15 of the Original Report to include the filing of new Exhibits 31.3 and 31.4, certifications of our Chief Executive Officer and Chief Financial Officer, pursuant to Rule 13a-14(a) of the Securities Exchange Act of 1934, as amended. No other changes have been made to the Original Report, and this amended Annual Report is presented as of the filing date of the Original Report and does not reflect events occurring after that date or modify or update disclosures in any way other than as described herein.

PART I

Item 1C. Cybersecurity

We rely upon internally and externally managed information technology systems and networks for the collection and storage of sensitive data and business information. We approach cybersecurity risks with a comprehensive risk management and governance strategy designed to assess, identify, and manage cybersecurity risks to our business.

Risk Management and Strategy

Our cybersecurity program is designed to detect cybersecurity threats and vulnerabilities, protect our information systems from such threats, and ensure the confidentiality, integrity, and availability of systems and information used, owned, or managed by us. Our focus is on protecting sensitive information, such as the personal information of our customers and employees, and confidential business information that a competitor or a malicious actor could leverage. Our cybersecurity program has several components, including the adoption of information security protocols, standards, and guidelines consistent with industry best practices; engaging third-party service providers to conduct security assessments; performing periodic internal audits of our cybersecurity protocols. We adhere to the National Institute for Standards and Technology (NIST) SP 800-171 and Cybersecurity Maturity Model Certification (CMMC) 2.0 frameworks, which provide a set of standards, guidelines, and best practices to manage cybersecurity-related risks.

We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats and have integrated these processes into our overall risk management systems and processes. We conduct regular risk assessments to identify cybersecurity threats and assessments in the event of a material change in our business practices that may affect information systems that are vulnerable to such cybersecurity threats. These risk assessments include identifying reasonably foreseeable internal and external risks, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks. Following these risk assessments, we implement and maintain reasonable safeguards to minimize identified risks, reasonably address any identified gaps in existing safeguards, and regularly monitor the effectiveness of our safeguards.

We have implemented technical solutions designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, antimalware and endpoint protection functionality, and access and identity controls. We regularly evaluate, monitor, and improve these solutions. As part of our overall risk management system, we monitor and test our safeguards and train our employees on these safeguards, in collaboration with human resources, information technology, legal, compliance and ethics, and management. Personnel at all levels and departments are made aware of our cybersecurity policies through periodic training. Further training is performed on a scheduled basis, covering cybersecurity topics and overall security hygiene, which reflect current techniques and tactics employees may encounter.

We have experienced incidents in the past and may experience them in the future. However, we have not experienced any cybersecurity incidents that have been determined to affect us materially, our business strategy, results of operations, or financial condition. As external events evolve, we will continue to evaluate and address these conditions as needed in our Business Continuity and Incident Response programs. For additional information regarding risks from cybersecurity threats, please refer to “Item 1A. Risk Factors – General Risks – Security breaches and other disruptions could compromise our proprietary information and expose us to liability, which would cause our business and reputation to suffer.”

Governance 

One of the key functions of our Board of Directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our Board of Directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers are responsible for the day-to-day management of the material risks we face. Our Board of Directors administers its cybersecurity risk oversight function directly as a whole, as well as through the IT Governance Committee.

Our Vice President of Information Technology regularly reports to our IT Governance Committee, which oversees our IT strategy, programs and risks, including the cybersecurity practices, procedures and controls management used to identify, assess and manage our key cybersecurity programs and risks, ensure the protection of the confidential intellectual property, information and data of the Company and its customers and ensure compliance with applicable data protection laws and regulations. Our Vice President of Information Technology has relevant experience of more than 25 years in information technology and cyber and information security, and he oversees our cybersecurity policies and processes, including those described in “Risk Management and Strategy” above. He also holds multiple certifications including Computer Information Systems Security Professional (CISSP), Certified in Information Systems Management (CISM), Certified in Information Systems Audit (CISA), Certified in Risk and Information Systems Control (CRISC), and CompTIA  Advanced Security Practitioner (CASP+). Our Vice President of Information Technology monitors and stays informed about prevention, detection, mitigation, and remediation efforts through regular communication and reporting from our IT department, and through the use of technological tools and software and results from third party assessments. Our Vice President of Information Technology provides quarterly briefings to the IT Governance Committee regarding our company’s cybersecurity risks and activities, including any recent cybersecurity incidents and related responses, cybersecurity systems testing, and activities of third parties. Our IT Governance Committee provides regular updates to the Board of Directors on such reports.

PART IV

ITEM 15. EXHIBITS AND FINANCIAL STATEMENT SCHEDULES

The following Consolidated Financial Statements are set forth in Part II, Item 8 of the Original Report.

Consolidated Financial Statements

Financial Statement Schedules

All financial statement schedules are omitted because they are not applicable or the required information is shown in the financial statements or notes thereto.

Exhibits

EXHIBIT INDEX

SIGNATURES

Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, as amended, the Registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.

6