SWK Holdings Corp - (SWKH)
10-K Filing Date: March 20, 2024
Cyber Risk Management and Strategy
We rely on information technology in our operations, and any material failures, inadequacies, interruptions, security failures, social engineering attacks or cyber-attacks could harm our business. To help manage these risks, we engage and rely on external experts and an information technology managed services provider. Our managed services provider’s information security analysts and IT security specialists offer us advice on technology, infrastructure, management, and productivity in relation to our information technology capabilities.
To address risks from cybersecurity threats, we have implemented and maintain cybersecurity policies and procedures, including an incident response plan, and our managed services provider implements a number of cybersecurity technologies and controls, including but not limited to, vulnerability scans and patch management tools. Our current approach to managing cybersecurity risks is informed by periodic risk assessments conducted by our managed services provider that incorporates elements of a recognized industry framework and evaluates our cyber risk management controls. We have implemented a process for senior management to review assessments performed and determine the appropriate treatment of identified risks.
We have also developed a cybersecurity risk management process for our third-party vendors. This process aims to assess the cybersecurity maturity of vendors who have access to our data or systems through an evaluation of the vendor’s cybersecurity risk profile. We, like other companies in our industry, face a number of cybersecurity risks in connection with our business. We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition; however, like other companies in our industry, we and our third-party vendors have from time to time experienced threats that could affect our information or systems. For more information about the cybersecurity risks we face, see Item 1A “Risk Factors.”
Governance Related to Cybersecurity Risks
We engage a managed services provider as discussed above, which includes services to assist us with the identification, monitoring, and management of cybersecurity risks. Our managed services provider reports periodically to our management team, including our Chief Executive Officer (“CEO”). The CEO briefs the Board on information regarding cybersecurity matters at least quarterly.
Our risk manager, along with the CEO, oversee our policies with respect to risk assessment and risk management, including with respect to cybersecurity risks. The Audit Committee of our Board was recently tasked with oversight of the management of risks related to cybersecurity. The Audit Committee administers its risk oversight function by receiving reports from members of senior management, including the risk manager and CEO, on areas of identified material risk to the Company.