180 Life Sciences Corp. - (ATNF)

10-K Filing Date: March 23, 2024

Item 1C. Cybersecurity.

 

The Company understands the importance of preventing, assessing, identifying, and managing material risks associated with cybersecurity threats. Consultants specializing in cybersecurity risk were engaged to assess, identify and manage risks from cybersecurity threats separately from the Company’s other risk assessment processes. The cybersecurity risks assessed include operational risks, fraud, disaster recovery, and violation of data privacy or security laws. The assessment includes cybersecurity threats associated with the use of third-party service providers.

 

As a result of the cybersecurity risk assessment performed, the Company has implemented certain enhancements to cybersecurity processes and controls. This includes formal monitoring of capital equipment, verifying data encryption and security updates are in place, and enhancing the security of data sharing and transmission. Additional recommendations were made by the consultants, but due to budget constraints they are being considered for future enhancement.

 

We describe whether and how risks from identified cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, under the heading “Failure of our information technology systems, including cybersecurity attacks or other data security incidents, could significantly disrupt the operation of our business”, included as part of our risk factor disclosures at Item 1A of this Annual Report on Form 10-K.

 

Cybersecurity is an important part of our risk management processes and an area of focus for our Board and management. Our CFO is responsible for the oversight of risks from cybersecurity threats, having prior experience managing business risks including those related to cybersecurity. The Board receives information and updates periodically with respect to the effectiveness of our cybersecurity and information security framework, data privacy and risk management. The Board will also be provided updates on any material incidents relating to information systems security and cybersecurity incidents. Although management and the Board will be made aware of cybersecurity incidents that could materially impact the Company, formal monitoring of all cybersecurity incidents is planned for future implementation.

 

As of and for the year ended December 31, 2023, there have been no cybersecurity incidents that have materially affected the Company’s business strategy, results of operations, or financial condition.

 

107