Scott's Liquid Gold - Inc. - (SLGD)
10-K Filing Date: March 26, 2024
Risk Management and Strategy
The Company utilizes information systems to support a variety of business processes and activities in its operations. These systems may be subject to cyber-based attacks or breaches. Some examples of the cybersecurity threats that could negatively impact the Company are denial of service attacks, excessive port scans, firewall breach and computer virus outbreak.
Cybersecurity risk management is part of management’s annual risk assessment program. In order to manage the risks associated with cybersecurity threats, the Company maintains a risk-based cybersecurity program consisting of processes, technologies, and controls to assess, identify and manage material risks from cybersecurity threats.
7
While the Company's information systems are exposed to cybersecurity threats and risks, the Company has not experienced any material cybersecurity incidents affecting its business strategy, results of operations, or financial condition, and any costs or operational impacts related to cybersecurity incidents were immaterial during the period presented.
For additional information related to the risks associated with cybersecurity threats, refer to the Information Security, Cybersecurity and Data Privacy Risks section of Item 1A. Risk Factors.
Governance
The Company’s Board of Directors is responsible for providing oversight and strategic guidance to management to support the long-term interests of the Company's shareholders. The Audit Committee is the lead committee of the Board of Directors responsible for oversight of the Company’s risk-based cybersecurity program and bears the primary responsibility for oversight of this aspect of the business. As part of this responsibility, the Audit Committee of the Board of Directors annually reviews the Company's Information Security Incident Response Plan.
On a quarterly basis, or more often as applicable, any cybersecurity incidents are summarized and reported to the Audit Committee of the Board of Directors which cover any identified cybersecurity incidents, results of third-party vulnerability testing, and key developments in policies.
Management’s Role Managing Risk
The Company’s cybersecurity risk management is managed by the President and Chief Financial Officer.
The Company engages with a range of third-party experts, including cybersecurity assessors, consultants, and auditors in evaluating and testing its risk management systems. These relationships enable management to leverage specialized knowledge and insights with respect to the Company’s cybersecurity strategies and processes.