Laird Superfood, Inc. - (LSF)

10-K Filing Date: March 13, 2024
ITEM 1C. CYBERSECURITY.

Risk Management, Strategy, and Governance

A dedicated, outsourced Chief Information Officer, in collaboration with outside cybersecurity partners, is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. Qualified third-party service providers are tasked with developing, implementing, and executing that strategy. These third parties play a key role in our cybersecurity risk assessment and management processes as we rely on their cybersecurity experience and expertise to assess, identify, and manage emerging trends and risks from cybersecurity threats on an ongoing basis.

Our Chief Executive Officer and other members of our senior management, as appropriate, provide oversight and monitoring of these third parties, who provide regular reports to management. Management provides periodic reports to our Board of Directors as a whole, which is ultimately responsible for the oversight of risks from cybersecurity threats. These reports include updates on the Company’s cyber risks, the status of projects to strengthen our information security systems, assessments of the information security program, the emerging threat landscape, and any recommendations for additional internal controls, systems, or insurance coverage for board approval.

Our cybersecurity policies are focused on ensuring the security and protection of our systems, networks, and proprietary data, which includes trade secrets, intellectual property, corporate strategic plans, marketing plans, material non-public financial information, and personally identifiable information such as employee and customer information. We also actively engage with key vendors as part of our continuing efforts to actively monitor system access, to identify and quarantine potential cybersecurity threats, to assess and implement cybersecurity systems and tools, and to enhance the effectiveness of our information security policies and procedures.

Cybersecurity risk management processes are one component of our overall risk assessment process whereby, on an ongoing basis, we analyze our internal control environment and consider how threats to the business might circumvent those controls. These processes include control over and segregation of user access to key systems, monitoring of any user access anomalies, active monitoring of emerging trends in the broader market, timely identification and quarantine of any potential cybersecurity incidents, evaluation of our operations and business needs and how executing on those needs translates to potential threats, and training of end users to mitigate the likelihood of user error.

We assess materiality of cybersecurity incidents based on the type of breach, whether any information was accessed, the nature of the information accessed, and the potential for business interruption. As of the date of this report, we are not aware of any material risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition.