Crypto Co - (CRCW)

10-K Filing Date: April 16, 2024
Item 1C. Cybersecurity

 

Risk Management and Strategy

 

The Company adheres to cybersecurity practices shaped by relevant laws and industry benchmarks. We proactively manage cyber risks through a multidisciplinary framework designed to safeguard the integrity, confidentiality, and availability of our data and systems. This framework includes several key initiatives:

 

● Enterprise Risk Management—We identify primary cybersecurity threats to our operations.

 

● Vulnerability Management—We scrutinize software and computing infrastructure for potential vulnerabilities.

 

● Vendor Risk Management—We evaluate third-party and partner risks through initial assessments, enforce security through contractual obligations, when applicable, and conduct ongoing oversight.

 

● Privacy Risk Management—We ensure that our products and platforms comply with privacy laws and regulations.

 

● Incident Response—We maintain robust protocols to address and mitigate cyber threats promptly.

 

Our reliance on third-party service providers, who manage their own IT security, introduces additional vulnerabilities. These providers play a crucial role in securely handling and storing our sensitive data. Despite setting specific security requirements, we do not control their cybersecurity investments or operational security. Any security lapses on their part could potentially disrupt their services and, by extension, negatively impact our financial health and operational efficiency.

 

The Company (or third parties it relies on) may not be able to fully, continuously, and effectively implement security controls as intended. As described above, we utilize a risk-based approach and judgment to determine the security controls to implement and it is possible we may not implement appropriate controls if we do not recognize or underestimate a particular risk. In addition, security controls, no matter how well designed or implemented, may only mitigate and not fully eliminate risks. And events, when detected by security tools or third parties, may not always be immediately understood or acted upon.

 

In 2023, we encountered no cybersecurity threats that significantly influenced our operational, financial, or strategic outcomes. However, we acknowledge that our cybersecurity measures, while comprehensive, cannot completely eliminate the risk of cyber incidents or guarantee that all such incidents will be detected.

 

Governance

 

We regularly evaluate cybersecurity risks through discussions and updates with our Chief Executive Officer (“CEO”), who oversees our cybersecurity strategy. The CEO ensures that our management team can identify, evaluate, and manage cyber risks effectively and deploy measures to address and mitigate potential cyber incidents. This governance structure ensures that cybersecurity remains a central element of our strategic planning and risk management philosophy.