DYADIC INTERNATIONAL INC - (DYAI)

10-K Filing Date: March 28, 2024
Item 1C. Cybersecurity

 

Cybersecurity Risk Management and Strategy

 

We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things, operational risks, the risk of intellectual property theft, fraud, harm to employees or third parties with which we conduct business and violation of data privacy or security laws.

 

Identifying and assessing cybersecurity risk is integrated into our overall risk management systems and processes. We have established policies and controls for assessing, identifying and managing material cybersecurity risks and responding to material cybersecurity incidents.

 

We routinely assess material cybersecurity risks, including potential unauthorized occurrences on, or conducted through, our information systems that may compromise the confidentiality, integrity or availability of those systems or information maintained in them. We conduct periodic risk assessments to identify cybersecurity threats, as well as assessments when there is a material change in our business practices that we believe could affect information systems that are vulnerable to cybersecurity threats. These risk assessments include identifying reasonably foreseeable internal and external risks and the potential harm if the risks were to materialize. We conduct these risk assessments directly and also periodically engage third-party providers to support these processes.

 

24

 

Following these risk assessments, we evaluate how to appropriately implement and maintain reasonable safeguards to mitigate identified risks; reasonably address any identified gaps in existing safeguards; and regularly monitor the effectiveness of our safeguards. We have implemented cybersecurity tools, conducted employee training, and monitored emerging laws and regulations related to data protection and information security. We may also [obligate] certain third-party business partners to certify that they can implement and maintain appropriate security measures, consistent with all applicable laws, in connection with their work for us, and to promptly report any suspected breach of their security measures that may affect the Company.

 

Cybersecurity events and data incidents are evaluated, assessed based on severity and prioritized for response and remediation. Under our incident response policies, incidents are evaluated to determine materiality as well as operational and business impact and reviewed for privacy impact.

 

We have not, to date, experienced a cybersecurity incident that was determined to be material, although, like any technology provider, we have experienced incidents in the past. Despite our cybersecurity efforts, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on our business. For additional information regarding whether any risks from cybersecurity threats are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, please refer to Item 1A, “Risk Factors,” in this Annual Report on Form 10-K.

 

Cybersecurity Governance

 

Cybersecurity is an important part of our risk management processes and an area of focus for our board of directors and management team. Our board of directors has delegated responsibility to the Audit Committee for the oversight of risks from cybersecurity threats. Members of the Audit Committee receive regular updates from senior management, including leaders from our information technology, legal and compliance teams regarding matters of cybersecurity. This includes existing and new cybersecurity risks, information on how management is addressing and/or mitigating those risks, cybersecurity incidents (if any) and the status on key information security initiatives.

 

Our Chief Executive Officer and Chief Financial Officer are principally responsible for overseeing the cybersecurity risk management program, in partnership with outside consultants, as well as managing and responding to material cyber incidents if any occur. They will provide periodic briefings to the Audit Committee and to the Board of Directors about our cybersecurity risks and activities, including cybersecurity incidents and responses, cybersecurity systems testing, third-party activities and related topics. In addition, our policies for managing and responding to cybersecurity incidents include procedures for appropriate escalations to our Audit Committee Chair.

 

© 2024 Material-Incidents. All rights reserved.