Abacus Life, Inc. - (ABL)
10-K Filing Date: March 21, 2024
Item 1C. Cybersecurity
Management is responsible for mitigating the Company’s risks, including cybersecurity. The Board of Directors has the oversight responsibility for the Company’s risk management and has delegated its responsibility over cybersecurity to the Audit Committee.
The Audit Committee periodically reviews the Company’s cybersecurity policy and programs established by management to mitigate cybersecurity and data risks. The periodic reviews take place on a quarterly basis and include reports from the Company’s cybersecurity team led by the Company’s Chief Information Security Officer (“CISO”) who has over 10 years of data security experience. The quarterly report provides an overview
26
of cybersecurity threats, key measures in place to mitigate cybersecurity threats and vulnerabilities, provides a status of ongoing security projects to strengthen the Company’s cybersecurity posture, as well as plans and resource needs for addressing possible future cybersecurity threats and vulnerabilities. The Company’s cybersecurity policy is centered on mitigating risks related to cybersecurity, privacy, physical security, and information security risk management.
The Company’s cybersecurity risk management approach is reviewed for alignment with the Company’s overall risk tolerance. The Company has a dedicated cybersecurity team led by the CISO who is responsible for executing the risk strategy and policies developed in coordination with the Company’s Chief Executive Officer, Chief Financial Officer, General Counsel, Presidents, and the Vice Presidents of Finance and Capital Markets.
The Company’s cybersecurity policy outlines every level of protection put in place to safeguard sensitive data as well as company technology assets, including threats and vulnerabilities posed from our interactions with suppliers and third-party service providers. These layers of protection include physical, local, and network layers as prescribed by standard information technology guidelines. The cybersecurity policy also contains procedures for responding to incidents that may threaten the security of Company systems and/or network, which include multiple layers of protections using current security measures and applications. The effectiveness of our security policy and procedures are tested frequently with periodic effectiveness reports shared with senior management and the Audit Committee to facilitate their risk oversight responsibilities.
No risks from cybersecurity threats or previous cybersecurity incidents have materially affected our business strategy, results of operations, or financial condition. However, there can be no assurance that our controls and procedures in place to monitor and mitigate the risks of cyber threats, including the remediation of critical information security and software vulnerabilities, will be sufficient and/or timely and that we will not suffer material losses or consequences in the future. Additionally, while we have in place insurance coverage designed to address certain aspects of cyber risks, such insurance coverage may be insufficient to cover all insured losses or all types of claims that may arise.