SURO CAPITAL CORP. - (SSSS)

10-K Filing Date: March 14, 2024
Item 1C. Cybersecurity

 

Cybersecurity Program Overview

 

We maintain, routinely review and evaluate our information technology and cybersecurity policies, practices and procedures (our “Cybersecurity Program”). The Cybersecurity Program has various policies and procedures, including an Information and Cybersecurity Policy and Business Continuity/Disaster Recovery Plan. Our Cybersecurity Program is administered by our Information Security Committee, which consists of our Chief Financial Officer, Chief Compliance Officer and other Company management and counsel, as appropriate, all of which is subject to the oversight of our Board of Directors. We also utilize the services of information technology and cybersecurity advisers, consultants and experts in the evaluation and periodic testing of our information technology and cybersecurity systems to recommend improvements to our Cybersecurity Program and in connection with any cybersecurity incident. We believe that the individuals involved in our Cybersecurity Program possess the necessary skills, experience and backgrounds that, when combined with the resources of our external information technology and cybersecurity advisers, consultants and experts, are sufficient to manage our Cybersecurity Program.

 

Management’s Role in Cybersecurity Risk Management

 

As part of our overall risk management process, our management engages at least annually in an enterprise risk management review and evaluation, during which management reviews the principal risks relating to our business and operations. Included in this process is a review and evaluation of our risks relating to our Cybersecurity Program. Additionally, as part of our Rule 38a-1 compliance program, we review at least annually the compliance policies and procedures of our key service providers, including documentation discussing each service providers’ information security and privacy controls. Any failure in our or our key service providers’ cybersecurity systems could have a material impact on our operating results. See “Item 1A. Risk Factors - General Risk Factors - The failure in cybersecurity systems, as well as the occurrence of events unanticipated in our disaster recovery systems and management continuity planning, could impair our ability to conduct business effectively.”

 

Board Oversight of Cybersecurity Risks

 

Our Board of Directors as a whole has responsibility for the Company’s risk oversight, with reviews of certain areas being conducted by the relevant Board committees that report on their deliberations to the full Board of Directors. The oversight responsibility of the Board of Directors and its committees is enabled by management reporting processes that are designed to provide visibility to the Board of Directors about the identification, assessment and management of critical risks and management’s risk mitigation strategies. Accordingly, our Board of Directors provides strategic oversight on cybersecurity matters, including material risks associated with cybersecurity threats. Our Board of Directors receives periodic updates from our Chief Compliance Officer (or more frequently, as needed) regarding the overall state of our Cybersecurity Program, information on the current threat landscape, and material risks from cybersecurity threats and cybersecurity incidents.