CBAK Energy Technology, Inc. - (CBAT)

10-K Filing Date: March 15, 2024
ITEM 1C. CYBERSECURITY 

 

We have taken a multifaceted approach to addressing cybersecurity risks, including leadership from our senior management and Board of Directors, direct supervision and operational execution from our information technology (“IT”) department and active involvement of employees. The Company’s senior management devotes significant resources to cybersecurity and risk management processes to adapt to the changing cybersecurity landscape and respond to emerging threats. We periodically assess the threat landscape and take a holistic view of cybersecurity risks, with a layered cybersecurity strategy based on prevention, detection and mitigation. Our IT team reviews cybersecurity risks, and we have a set of Company-wide policies and procedures concerning cybersecurity matters, including policies related to encryption standards, remote access, multi factor authentication, confidential information, the use of the internet, social media, email and wireless devices and incident response.

 

The Company’s Chief Executive Officer, an engineering expert with over eight years of experience in leading our company, is responsible for developing and implementing our information security measures and overseeing our IT department. The Company has established a physical firewall, with physical gateways that filter suspicious files and data flows entering and exiting our Company’s network. In addition, the computers in our R&D department are equipped with behavior control software, which makes emails and files sent from the R&D computers in an encrypted state and inaccessible without specific authorization from designated supervisors.

 

The Company’s IT department is directly responsible for cybersecurity matters and routinely reports to the senior management. In the event of a cybersecurity incident, the IT department will initially report to the Company’s senior management, including our Chief Executive Officer. If the incident is assessed as a material threat or incident to our information systems, our senior management will escalate the issue to the Board of Directors. Given that our core operations are in manufacturing and involve limited network-related activities, we believe that our existing cybersecurity measures are adequate. The Company’s Board of Directors and senior management are committed to continuously evaluating and upgrading our cybersecurity prevention, detection, and mitigation strategies in line with the evolution of our business needs and cybersecurity risks.

 

38

 

 

In the fiscal year ended December 31, 2023, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced undetected cybersecurity incidents. For additional information about these risks, see “Risks Related to Our Business—We rely significantly on technology and systems to support our production, supply chain, payments, financial reporting and other key aspects of our business. Any failure, inadequacy, interruption or security failure of those systems could have a material adverse effect on our business, reputation and brand, financial condition, and results of operations” and “Risks Related to Our Business—System security risk issues, and disruption of our internal operations or information technology systems, could have a material adverse effect on our business, financial condition, and results of operations” in Item 1A-Risk Factors.