Altisource Asset Management Corp - (AAMC)

10-K Filing Date: March 29, 2024
Item 1C. Cybersecurity

While we take cybersecurity seriously, we mitigate the common cybersecurity risks that many companies face by greatly limiting the accessibility of and web-based activities. Of our 13 employees, only one employee plus one third-party information-technology consultant (our “IT Consultant”) that we contract with have access to our cyber system. No vendors or customers have access to our system, which greatly minimizes the risk of unauthorized access. No part of our business entails third-party members of the public accessing our accounts, making purchases, or ordering products or services, which greatly reduces our risks of cyber-attack and minimizes the potential consequences if such an attack were to occur. In addition, although we do have a website, it is maintained offsite.

Despite our relatively low risk cybersecurity profile and the minimal threat of cybersecurity incidents that we face, we contract with one IT Consultant to assist us in identifying any potential cybersecurity risks and in implementing and maintaining effective measures to reduce our cybersecurity risks. Our IT Consultant helps ensure that our system is updated with the latest cybersecurity patches and configurations and monitors our system and accounts for suspicious activity.

Additionally, we invest in firewall protection through Symantec Corporation, which is a provider of Internet-security technology and business-management solutions. Our Symantec firewall protection is designed to monitor and secure our computers from malicious inbound and outbound traffic and to provide an additional layer of protection to our network and data, which helps mitigate the risks of unauthorized access and cybersecurity threats.

In the event our IT Consultant becomes aware of any suspicious activity in our accounts or system, our IT Consultant would contact our Chief Executive Officer. Our Chief Executive Officer would consult with our IT Consultant to assess and determine the materiality of the risk presented by the suspicious activity and to determine what steps should be taken to protect the limited data we maintain online. Depending on the materiality of the risk, our IT Consultant and Chief Executive Officer would consult with our Board of Directors to determine an appropriate notification and risk-management plan.

Despite the low accessibility of our server and system and the resultant low cybersecurity risks that we face, we recognize that no system is completely protected from cyber threats, that cybersecurity risks are increasingly difficult to detect, and that the increasingly digitalized landscape that businesses operate in increase the pervasiveness and severity of cyber-attack risks. While we do not believe our business strategy, results of operations, or financial condition have been materially adversely affected by any cybersecurity threats or incidents, there is no assurance that we will not be materially affected by such threats or incidents in the future. We will continue to monitor cybersecurity risks with our IT Consultant and stay apprised of changes in the cyber environment.

15

(table of contents)