BLUM HOLDINGS, INC. - (BLMH)
10-K Filing Date: April 15, 2024
Risk Management
The Company has established protocols for evaluating, identifying, and mitigating significant risks stemming from cybersecurity threats. These protocols are integrated into the Company's overarching risk management framework, including potential risks arising from the utilization of third-party service providers. Furthermore, the Company has instituted monitoring procedures to proactively address and minimize risks associated with data breaches or security breaches originating from external sources. Periodically, the Company may enlist the expertise of third-party consultants, legal advisors, and audit firms to assess and fortify its risk management systems, as well as to manage and resolve specific cybersecurity incidents, as deemed necessary.
Governance
Under our enterprise risk management initiative, the Board of Directors (“Board”) and the Audit Committee engage in regular discussions with our senior management team, including the Chief Executive Officer, Chief Financial Officer, and Chief Legal Officer, to manage cybersecurity threats. The Board and Audit Committee are promptly briefed on any cybersecurity incident surpassing predetermined reporting thresholds, receiving continuous updates until resolution.
Cybersecurity threats represent a paramount concern for the Company. Our information systems department collaborates closely with senior management to implement a comprehensive program aimed at safeguarding our information systems and promptly responding to cybersecurity incidents, adhering to established incident response and recovery protocols. Cross-functional teams are deployed across the organization to address and mitigate cybersecurity threats, with senior management overseeing prevention, detection, and remediation efforts in real-time, reporting significant developments to the Board and Audit Committee as necessary.
For the fiscal year ending December 31, 2023, no cybersecurity threats were identified that significantly impacted or are expected to significantly impact our business strategy, financial performance, or financial position. However, despite the robust capabilities, processes, and security measures in place, there exists the possibility of undetected vulnerabilities or misjudged risks. While our preventive measures aim to mitigate cybersecurity incidents, absolute security cannot be guaranteed, necessitating ongoing vigilance and adaptability in addressing potential risks.