Amprius Technologies, Inc. - (AMPX)

10-K Filing Date: March 28, 2024
Item 1C. Cybersecurity
We recognize the critical importance of maintaining the safety and security of our systems and data and have a holistic process for overseeing and managing cybersecurity and related risks. In general, we seek to address cybersecurity risks through a comprehensive, cross-functional approach. Our board of directors is actively involved in oversight of our risk management program, and cybersecurity represents an important component of our overall approach to enterprise risk management. Senior management also devotes significant resources to cybersecurity and risk management processes, as well as to adapting to the changing cybersecurity landscape and responding to emerging threats in a timely and effective manner.
Risk Management and Strategy
We devote significant resources and designate high-level personnel, including our Chief Technology Officer who reports to our President of Amprius Lab, to manage the risk assessment and mitigation process. We conduct periodic risk assessments to identify cybersecurity threats, as well as assessments in the event of a material change in our business practices that may affect information systems that are vulnerable to such cybersecurity threats. These risk assessments include identification of reasonably foreseeable internal and external risks, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks.
Following these risk assessments, we re-design, implement, and maintain reasonable safeguards to minimize identified risks; reasonably address any identified gaps in existing safeguards; and regularly monitor the effectiveness of our safeguards.
As part of our overall risk management system, we monitor and test our safeguards and train our employees on these safeguards, in collaboration with human resources, IT, and management. Personnel at all levels and departments are made aware of our cybersecurity policies through trainings and related documentation.
We engage third parties in connection with our risk assessment processes. These service providers assist us in designing and implementing our cybersecurity policies and procedures, as well as in monitoring and testing our safeguards. We require each third-party service provider to certify that it has the ability to implement and maintain appropriate security measures, consistent with all applicable laws, to implement and maintain reasonable security measures in connection with its work with us, and to promptly report any suspected breach of its security measures that may affect our company.
For additional information regarding cybersecurity threats that are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, please refer to the section titled “Risk Factors” above.
Governance
Our board of directors, led by the Audit Committee, oversees our enterprise risk management, including the management of risks arising from cybersecurity threats. Management provides the board of directors with quarterly cybersecurity reports, which include a review of key performance indicators, test results and related remediation, and recent threats and how the Company is managing those threats. Our board of directors also receives prompt and timely information regarding any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding any such incident until it has been remediated. The chairman of our board of directors, Mr. Donald R. Dixon, is a Director for Business Executives for National Security (BENS.org) and a member of the Aspen Institute’s Cybersecurity Group, the nation’s leading cross-sector public-private cybersecurity forum, and he has extensive experience leading cybersecurity oversight.
The President of Amprius Lab and the Chief Technology Officer are responsible for developing and implementing our information security program and reporting on cybersecurity matters to our board of directors. Our Chief Technology Officer has over 20 years of experience in managing IT, software and hardware systems and leading cybersecurity oversight. He works closely with our third-party managed service provider and managed security service provider to oversee cybersecurity risks, advise on employee trainings and respond to new risks and threats when they occur. We view cybersecurity as a shared responsibility by all operations, and we engage third-party vendors to periodically perform simulations and tabletop exercises across our company and incorporate other external resources and advisors as needed. All newly hired employees are required to complete two cybersecurity trainings during their onboarding process. All employees are required to complete cybersecurity online training every other month, including topics such as spear phishing as well as other awareness training.
We face a number of cybersecurity risks in connection with our business. Although such risks have not materially affected us, including our business strategy, results of operations or financial condition, to date, we have, from time to time, experienced threats to and breaches of our data and systems, including ransomware. While we maintain cybersecurity insurance, the costs related to cybersecurity threats or disruptions may not be fully insured. For more information about the cybersecurity risks we face, see the section titled “Risk Factors” above.