GRIID Infrastructure Inc. - (GRDI)

10-K Filing Date: April 15, 2024
Item 1C. Cybersecurity.

As a vertically integrated self-hosted and self-mining Bitcoin miner, the stability and security of GRIID's operating environment, the protection of our intellectual property, and the integrity and cybersecurity practices of strategic third parties are critical. GRIID's information security program is designed to detect, respond to, and manage reasonably foreseeable cybersecurity risks and threats. To protect our systems from cybersecurity threats, we use various security tools that help prevent, escalate, investigate, and recover from identified vulnerabilities and security incidents in a timely manner. We also maintain a third-party risk management program to identify, prioritize, assess, mitigate, and remediate third-party risks; however, we rely on the third parties we use to implement security programs commensurate with their risk and cannot guarantee their efforts will be successful in all circumstances.

We regularly assess risks from cybersecurity and technology threats and monitor our systems for potential vulnerabilities and exploit attempts. We use a widely adopted risk quantification model to identify, measure, and prioritize cybersecurity and technology risks and develop related security controls and safeguards. We take a risk-based approach to regular reviews and tests of our information security program and also leverage tabletop and other exercises to evaluate the effectiveness of our information security program and improve our security measures and planning.

Our systems periodically experience directed attacks intended to lead to interruptions and delays in our service and operations as well as loss, misuse, or theft of personal information (of third parties and employees) and other data, confidential information, or intellectual property. To date, we have not identified any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced undetected cybersecurity incidents. For additional information about these risks, see Part I, Item 1A, "Risk Factors" in this Annual Report.

The Vice President of Information Security leads our information security program. Our VP of Information Security has over 20 years of industry experience, including serving in similar roles leading and evolving cybersecurity programs at other public companies. Regular reports are provided to senior management and other relevant teams on various cybersecurity threats, assessments, and findings.

As a newly public company, GRIID's Board of Directors will oversee our annual enterprise risk assessment, where we assess key risks within the company, including security and technology risks and cybersecurity threats. This oversight will include regular discussions on various cybersecurity matters, including risk assessments, mitigation strategies, areas of emerging risks, incidents and industry trends, and other areas of importance.