WESTWATER RESOURCES, INC. - (WWR)
10-K Filing Date: March 19, 2024
ITEM 1C. CYBERSECURITY
RISK MANAGEMENT AND STRATEGY
The Company stores and transmits data including sensitive and nonpublic data regarding our company, employees, counterparties and customers, among others. Like many companies, we are the subject of attempts by unauthorized actors to disrupt our operations, access our data, or otherwise cause damage to our technology infrastructure, including through the use of phishing, malware and other attack vectors.
In addition, we are subject to cybersecurity risk in connection with vendors we utilize. For example, a weakness in vendor systems or software products that we use in the operation of our business may provide a mechanism for a cyber threat actor to access the Company’s systems or information through trusted paths. Recent global supply chain security incidents such as compromises of reputable software update services are illustrative of this type of occurrence. To date, Westwater has not been materially affected by cybersecurity incidents.
In light of the nature of the data at risk and the cyber-related threats faced by the Company, the Company employs an agency-wide cybersecurity detection, protection and prevention program for the protection of the Company’s operations and assets. This program includes cybersecurity protocols and controls, network protection, system monitoring and
31
detection processes, vendor risk management process, and regular cybersecurity and privacy training for employees. However, cybersecurity is an evolving landscape, and we are constantly learning from our own experiences as well as the experiences of others, and there can be no assurance that our processes and procedures will be successful in preventing all cybersecurity incidents.
GOVERNANCE
The Company’s Board of Directors is responsible for the oversight of risks related to cybersecurity threats. Management communicates with the Board of Directors on a regular basis regarding cybersecurity efforts through risk reporting and the development and testing of procedures and exercises for responding to both internal and external cyber threats.
The Company’s Information Technology department, which is headed by the Company’s Information Technology Administrator, is responsible for the Company’s information technology program, including addressing cybersecurity risks, and utilizes specialized vendors to enhance the program. The Information Technology department assess the effectiveness of its cybersecurity efforts through ongoing monitoring.
For a discussion of whether and how any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition, see Item 1A. Risk Factors, which is incorporated by reference into this Item 1C.
32