Sadot Group Inc. - (SDOT)
10-K Filing Date: March 20, 2024
Item 1.C. Cybersecurity
Risk Management and Strategy
Cyber criminals are becoming more sophisticated and effective every day, and they are increasingly targeting companies similar to our company operating in various part of the world. All companies utilizing technology are subject to threats of breaches of their cybersecurity programs. To mitigate the threat to our business, we take a comprehensive approach to cybersecurity risk management and make securing the data customers and other stakeholders entrust to us a top priority. Our board of directors (the “Board”) and our management are actively involved in the oversight of our risk management program, of which cybersecurity represents an important component. As described in more detail below, we have established policies, standards, processes and practices for assessing, identifying, and managing material risks from cybersecurity threats. We have devoted significant financial and personnel resources to implement and maintain security measures to meet regulatory requirements and customer expectations, and we intend to continue to make significant investments to maintain the security of our data and cybersecurity infrastructure. There can be no guarantee that our policies and procedures will be properly followed in every instance or that those policies and procedures will be effective. Although our Risk Factors include further detail about the material cybersecurity risks we face, we believe that risks from prior cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected our business to date. We can provide no assurance that there will not be incidents in the future or that they will not materially affect us, including our business strategy, results of operations, or financial condition.
Our policies, standards, processes and practices for assessing, identifying, and managing material risks from cybersecurity threats are integrated into our overall risk management program and are based industry standards. Key security, risk, and compliance stakeholders meet regularly to develop strategies for preserving the confidentiality, integrity and availability of our company and customer information, identifying, preventing and mitigating cybersecurity threats, and effectively responding to cybersecurity incidents. We maintain controls and procedures that are designed to ensure prompt escalation of certain cybersecurity incidents so that decisions regarding public disclosure and reporting of such incidents can be made by management and the Board in a timely manner.
Our cybersecurity team, are third party subject matter experts who regularly obtain cybersecurity certifications. Our program includes procedures to identify cybersecurity risks and threats of our third-party service providers. These procedures measure the maturity of third-party provider cybersecurity programs against industry best practices. The collection of this information is used to assess the use of third-party software or partnerships.
Our cybersecurity risk management program includes response plans that are aligned with our crisis response plans and outline the procedures and protocols to follow when a cybersecurity incident has or may have occurred, including to allow assessments related to disclosure and notice requirements to be timely made to regulators and affected parties. The response plan includes protocols to notify our Chief Executive Officer ("CEO"), our Chief Financial Officer ("CFO"), other members of senior management as appropriate, and, under certain circumstances, the Audit Committee of our Board, or our full Board as appropriate. We have integrated cybersecurity risk assessments into Sadot’s overall enterprise risk assessment to promote a company-wide culture of cybersecurity risk management.
Governance
Our Board, in coordination with the Audit Committee, oversees our management of cybersecurity risk. They receive regular communication from management about the prevention, detection, mitigation, and remediation of cybersecurity incidents, including material security risks and information security vulnerabilities. The Audit Committee receives regular updates from management on cybersecurity risk resulting from risk assessments, progress of risk reduction initiatives, external auditor feedback, control maturity assessments, and relevant internal and industry cybersecurity incidents.
Our CEO and CFO lead our Information Technology and cybersecurity team, which consist of third party specialist. The Information Technology team is responsible for assessing, identifying, and managing risks from cybersecurity threats. Our CEO and CFO regularly receive information on cyber security matters, and in turn communicate to the Audit Committee on such matters. Our CEO has more than 15 years of experience in leading and managing risk oversight for large organizations and our CFO has several years of experience in leading and managing risk oversight for public organizations.
32