CADIZ INC - (CDZI)
10-K Filing Date: March 28, 2024
Cybersecurity Risk Management and Strategy
We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity and availability of our critical systems and information from cybersecurity threats.
Our cybersecurity risk management program includes:
| ● | risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment; | |
| ● | offsite backup storage of critical systems and information; |
| ● | the use of external service providers to assess, test or otherwise assist with aspects of our security controls; | |
| ● | cybersecurity awareness training; | |
| ● | a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and | |
| ● | a third-party risk management process to identify and mitigate risks from third parties, such as service providers, suppliers, and vendors. |
We have not identified any risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. For additional information regarding risks from cybersecurity threats, see Item 1A, “Risk Factors”, above.
Cybersecurity Governance
Our Board considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit & Risk Committee (the “Committee”) oversight of cybersecurity and other information technology risks. The Committee oversees management’s implementation of our cybersecurity risk management program as part of our overall enterprise risk management program.
The Committee receives periodic reports from management on our cybersecurity risks. In addition, management promptly updates the Committee regarding any material cybersecurity incidents, and as necessary as to any incidents with lesser impact potential. The Committee reports to the full Board regarding its activities, including those related to cybersecurity.
Our management team, with the assistance of our external service providers, is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises the cybersecurity activities of both our internal personnel and our retained external cybersecurity consultants.