Avalon GloboCare Corp. - (ALBT)

10-K Filing Date: April 15, 2024
ITEM 1C. CYBERSECURITY

 

Cybersecurity Risk Management

 

We, like other companies in our industry, face several cybersecurity risks in connection with our business. Our business strategy, results of operations, and financial condition have not, to date, been affected by risks from cybersecurity threats. During the reporting period, we have not experienced any material cyber incidents, nor have we experienced a series of immaterial incidents, which would require disclosure.

 

44

 

 

In the ordinary course of our business, we use, store and process a bare minimum of data. To effectively prevent, detect, and respond to cybersecurity threats, we maintain a cyber risk management program, which is comprised of data segregation, penetration testing, and training. The cyber risk management program falls under the responsibility of a third party IT consultant, who has cross-functional expertise in IT management, cybersecurity, and engineering with more than 30 years of experience (the “IT Consultant”), who reports directly to our Chief Financial Officer. Under the guidance of the IT Consultant, we have minimized our data footprint to keep our cyber risk low.

 

We have implemented a cybersecurity risk management program that is designed to limit and mitigate risks from cybersecurity threats. Our cybersecurity risk management program incorporates several components, including employee training, periodic penetration tests, and multifactor authentications.

 

Governance

 

Under the ultimate direction of our CFO, with oversight from the Board, we maintain a security governance structure to evaluate and address cyber risk.

 

Our Board is responsible for the oversight of cybersecurity risk management. The Board delegates oversight of the cybersecurity risk management program to the Audit Committee. On a quarterly and as-needed basis, the CFO reports to the Audit Committee on our cybersecurity risk management program, including any critical cybersecurity risks, ongoing cybersecurity initiatives and strategies, and applicable regulatory requirements and industry standards. The CFO also provides updates to the Audit Committee of any cybersecurity incidents (suspected or actual) and provides updates on the incidents as well as cybersecurity risk mitigation activities as appropriate.