Koil Energy Solutions, Inc. - (KLNG)
10-K Filing Date: March 27, 2024
Cybersecurity Risk Management and Strategy
Overall Risk Management
We maintain a cybersecurity program that is reasonably designed to protect our information, and that of our customers, against cybersecurity threats that may result in adverse effects on the confidentiality, integrity, and availability of our information systems.
The Company integrates cybersecurity risk management into its broader risk management framework to promote a company-wide culture of cyber risk awareness. The head of our IT department continuously evaluates and addresses cyber risks in alignment with business objectives, operational needs and industry-accepted standards, such as the National Institute of Standards and Technology (“NIST”).
The Company has processes and procedures in place to monitor the prevention, detection, mitigation and remediation of cybersecurity risks. These include but are not limited to:
· Maintaining a defined and practiced incident response plan;
· Maintaining cyber insurance coverage;
· Employing appropriate incident prevention and detection safeguards;
· Maintaining a defined disaster recovery policy and employing disaster recovery software, where appropriate;
· Educating, training and testing our user community on information security practices and identification of potential cybersecurity risks and threats; and
· Reviewing and evaluating new developments in the cyber threat landscape.
Managing Third Party Risk
Koil Energy recognizes the risks associated with the use of vendors, service providers and other third parties that provide information system services to us, process information on our behalf, or have access to our information systems, and the Company has processes in place to oversee and manage these risks. We conduct thorough risk-weighted security assessments of various third parties and maintain ongoing monitoring to ensure compliance with our cybersecurity standards. This monitoring includes both annual assessments and assessments on an ongoing basis.
Risks from Cybersecurity Incidents
To our knowledge, Koil Energy has not been subject to cybersecurity incidents that have materially affected, or are reasonably likely to materially affect the Company, its operations or financial condition.
Cybersecurity Governance
Internal Cybersecurity Team
Our internal cybersecurity team, led by our IT Manager, is responsible for implementing, monitoring, and maintaining cybersecurity and data protection practices across the company. Our IT Manager has over 13 years of work experience in cybersecurity and in managing all levels of the Company’s on-premises and cloud infrastructure.
Management
Our management team periodically participates in the review of our cybersecurity systems, processes, threats and incidents with our internal cybersecurity team, including the controls and procedures that provide for the prompt escalation of certain cybersecurity incidents so that decisions regarding the public disclosure and reporting of such incidents can be made by management in a timely manner.
Board of Directors
The Audit Committee of the Company’s Board of Directors (the “Board”) is responsible for overseeing the Company’s cyber risk. Management has established a process for the Audit Committee to receive regular updates that encompass a broad range of topics, including:
· Current cybersecurity threat landscape and emerging threats;
· Status of ongoing cybersecurity initiatives and strategies;
· Incident reports and learnings from unique cybersecurity events, including those of other companies;
· Compliance status and efforts with regulatory requirements and industry standards;
· Regulatory updates;
· Vulnerability developments; and
· Other cyber risk topics as requested by the Board.