Sphere 3D Corp. - (ANY)

10-K Filing Date: March 13, 2024
Item 1C. Cybersecurity
We understand the importance of preventing, assessing, identifying, and managing material risks associated with cybersecurity threats. Cybersecurity processes to assess, identify and manage risks from cybersecurity threats have been incorporated as a part of our overall risk assessment process and have been embedded in our operating procedures, internal controls and information systems. We have engaged a third-party vendor to provide a variety of cybersecurity services ranging from ongoing security advisory services to cybersecurity monitoring and response management.
We use a risk-based approach to identifying and overseeing cybersecurity risks presented by third parties, including vendors, service providers and other external users of our systems, as well as the systems of third parties that could adversely impact our business in the event of a cybersecurity incident affecting those third-party systems. For third parties that we rely upon for certain IT systems, we seek to use only reputable providers, to use the most recently reliable versions of such systems, and monitor and address alerts for potential vulnerabilities to any such systems. We do not believe that risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected us, including our business strategy, results of operations or financial condition.
28



Our Board of Directors oversees management’s processes for identifying and mitigating risks, including cybersecurity risks, to help align our risk exposure with our strategic objectives. Our Chief Executive Officer is responsible for assessing and managing cybersecurity risks, responding to any cybersecurity incidents and reporting any such incidents to our Board of Directors, and periodically briefs our Board of Directors on our cybersecurity and information security posture and on any cybersecurity incidents deemed to have a moderate or higher business impact. In the event of a material cybersecurity incident, our cybersecurity consultant has extensive information technology and program management experience. We believe that we have implemented a governance structure and processes that are equipped to assess, identify, manage and report cybersecurity risks. Refer to “Item 1A. Risk Factors” for a discussion of certain of the cybersecurity risks that our business is subject to. As a smaller reporting company, with respect to compliance with Form 8-K incident disclosure requirements, we are required to comply with the reporting requirements beginning June 15, 2024.