Future FinTech Group Inc. - (FTFT)
10-K Filing Date: April 16, 2024
Cybersecurity Risk Management and Strategy
We face various cyber risks, including, but not limited to, risks related to unauthorized access, misuse, data theft, computer viruses, system disruptions, ransomware, malicious software and other intrusions. We utilize a multilayered, proactive approach, as part of our overall risk mitigation strategy, to identify, evaluate, mitigate and prevent potential cyber and information security threats through our cybersecurity risk management efforts. We have an IT manager who is responsible for the identification, evaluation, and management of cybersecurity risks and controls. Our IT manager has related experience including: (i) network architecture design and planning: working on overall design and planning of network architecture, selection of related equipment and software, and its implementation; (ii) information security architecture design and planning: assisting the development of information security strategy, technical architecture and management system plan, design, and implementation; (iii) daily maintenance, emergency response support, maintenance report preparation, major IT project support, etc. and (iv) provide support for the operation and maintenance of various IT infrastructure, and ensure the stability of the company’s IT infrastructure. To oversee and identify risks from cybersecurity threats associated with our use of third-party service providers, we maintain third-party risk management efforts designed to help protect against the misuse of information technology and security breaches, including requirements in the agreements with such third parties.
We have not, to date, identified any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of our operations, or financial condition.
Cybersecurity Governance and Oversight
Management is responsible for the cybersecurity risk management program as well as actions to identify, assess, mitigate, and remediate material issues. The Company’s cybersecurity risk management program is supervised by our IT manager, who reports directly to the Company’s Chief Executive Officer. The IT manager and his team are responsible for leading cybersecurity strategy, policy, standards, architecture and processes.
The Audit Committee of the Board of Directors is charged with oversight of cybersecurity matters and receives reports from the IT manager and Chief Executive Officer on, among other things, the Company’s cyber risks and threats, the status of projects to strengthen the Company’s information security systems, and the emerging threat landscape. In accordance with our Cyber Incident Response Plan, the Audit Committee will be promptly informed by management of cybersecurity incidents with the potential to materially adversely affect the Company or its information systems and is regularly updated about incidents with lesser impact potential. At least annually, the Board reviews and discusses the Company’s technology strategy in combination with the Company’s strategic objectives with executive management.
In an effort to detect and defend against cyber threats, the Company plans to provide its employees with various cybersecurity and data protection training programs which will cover timely and relevant topics, including social engineering, phishing, password protection, confidential data protection, asset use and mobile security, and educate employees on the importance of reporting all incidents promptly.
42