GAXOS.AI INC. - (GXAI)
10-K Filing Date: March 27, 2024
Cybersecurity is critical to advancing our overall objectives and enabling our digital efforts. As a company operating in the technology and software sectors, we face a wide variety of cybersecurity threats that range from common attacks such as ransomware and denial-of-service, to more advanced attacks. Our customers, suppliers and other partners face similar cybersecurity threats, and a cybersecurity incident impacting these entities could materially adversely affect our operations, performance and results. These cybersecurity threats and related risks make it imperative that we maintain focus on cybersecurity and systematic risks. Below is a discussion of our risk management and approach to governance as it relates to cybersecurity. For additional information on the impact of cyber risks, refer to Part I, Item 1A. “Risk Factors”, of this Form 10-K.
Risk Management and Strategy
Cybersecurity risk management is a core tenet of our information technology security program. We have implemented various cybersecurity technologies, controls, and processes to ensure the integrity and availability of our infrastructure, data, and operations. We periodically review and modify these technologies and processes to align with the latest in industry best practices and an ever-changing threat landscape.
As part of our cybersecurity risk management program, we perform the following:
● | Cybersecurity risk assessment is performed on all new products and product updates; |
● | Employ internal staff with security certifications, and we work with third parties to perform security vulnerability testing; |
● | Changes to data protection laws are closely monitored and necessary changes are implemented; |
● | Provide routine security training to employees and communicate any emerging threats; |
● | Review the security posture of all third parties that we engage; |
● | Maintain a comprehensive incident response plan; |
● | Carry cybersecurity insurance to help mitigate any potential losses arising from cybersecurity incidents. |
While we face a number of ongoing cybersecurity risks in connection with our business, such risks have not materially affected us to date, including our business strategy, results of operations, or financial condition.
Governance
Our team responsible for monitoring and assessing cybersecurity threats, who reports directly to the Chief Executive Officer, manages and monitors our cybersecurity. Our board of directors, as a whole, has oversight for the most significant risks facing us and for our processes to identify, prioritize, assess, manage and mitigate those risks, including cybersecurity risks. The board of directors receives regular updates on cybersecurity and information technology matters and related risk exposures from our executive team.