US ENERGY CORP - (USEG)

10-K Filing Date: March 26, 2024
Item 1C. Cybersecurity.

 

Risk Management and Strategy

 

The Company’s cybersecurity environment is led by our information technology (IT) group, which, in addition to cybersecurity matters, oversees the Company’s IT infrastructure. The IT group is responsible for monitoring and managing the security of the Company's corporate network and enterprise systems, including technical controls, and safety protocols and responding to security threats.

 

The Company maintains a cybersecurity risk management program that establishes safeguards for protecting the confidentiality, integrity, and availability of our data, technology, and information systems. The program includes general controls for managing changes in and access to the Company’s IT environment, cybersecurity awareness and training to help employees identify and mitigate against cybersecurity threats, cybersecurity incident response plans and third-party incident response retainers to help expedite the Company’s response in the event of a cybersecurity incident.

 

The Company’s Director of IT is primarily responsible for the day-to-day operation of the Company’s cybersecurity program and for identifying cybersecurity threats and incidents and managing the material risks associated with the cybersecurity threats. The Company’s Director of IT engages third-party vendors and cybersecurity consortiums periodically for cybersecurity-related guidance and certifications. In the event of a cybersecurity incident, the Company’s process calls for the Director of IT, Chief Financial Officer, and Corporate Controller work to assess and respond to the incident and provide briefings to the Chief Executive Officer and the Audit Committee of the Board of Directors.

 

The Audit Committee is responsible for providing oversight over management's processes to identify and evaluate cybersecurity risks to which the Company is exposed and to implement processes and programs to manage cybersecurity risks and mitigate any incidents. The Audit Committee also reports material cybersecurity risks to the Board. We believe this risk management process provides visibility and oversight to allow the Board and executive leadership team to make timely, data-driven decisions ensuring that the Company, its employees, investors, and partners are adequately protected.

 

As of and for the year ended December 31, 2023, there have been no cybersecurity incidents that have materially affected the Company’s business strategy, results of operations, or financial condition.