Weave Communications, Inc. - (WEAV)

10-K Filing Date: March 13, 2024
Item 1C. Cybersecurity
We maintain a comprehensive process for identifying, assessing, and managing material risks from cybersecurity threats (as such term is defined in Item 106(a) of Regulation S-K) as part of our broader risk management system and processes. We obtain input, as appropriate, for our cybersecurity risk management program on the security industry and threat trends from multiple external experts and internal teams. Teams of dedicated privacy, safety, and security professionals oversee cybersecurity risk management and mitigation, incident prevention, detection, and remediation. Leadership for these teams are professionals with deep cybersecurity expertise across multiple industries, including our Head of Security. Our executive leadership team, along with input from the above teams, are responsible for our overall enterprise risk management system and processes and regularly consider cybersecurity risks in the context of other material risks to the company.
As part of our cybersecurity risk management system, our incident management process tracks and logs privacy and cybersecurity incidents (as such term is defined in Item 106(a) of Regulation S-K) across Weave, our vendors, and other third-party service providers to remediate and resolve any such incidents. Significant incidents are reviewed regularly by a cross-functional working group to determine whether further escalation is appropriate. Any incident assessed as potentially being or potentially becoming material is immediately escalated for further assessment, and then reported to designated members of our senior management. We consult with outside counsel as appropriate, including on materiality analysis and disclosure matters, and our senior management makes the final materiality determinations and disclosure and other compliance decisions. Our management apprises Weave’s independent public accounting firm of matters and any relevant developments and also provides regular updates on cybersecurity to our Audit Committee and Board of Directors.
The Audit Committee has oversight responsibility for risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, cooperation with law enforcement, and related effects on financial and other risks, and it reports any findings and recommendations, as appropriate, to the full Board for consideration. Senior management regularly discusses cyber risks and trends and, should they arise, any material incidents with the Audit Committee.
Our business strategy, results of operations and financial condition have not to date been materially affected by risks from cybersecurity threats, including as a result of previously identified cybersecurity incidents, but we cannot provide assurance that they will not be materially affected in the future by such risks or any future material incidents. For more information on our cybersecurity related risks, see the section titled “Risk Factors” set forth in Part I, Item 1A of this Annual Report on Form 10-K.