PROFIRE ENERGY INC - (PFIE)

10-K Filing Date: March 13, 2024
Item 1C. Cybersecurity

Risk Management and Strategy

We recognize the importance of cybersecurity in safeguarding sensitive customer and employee information, protecting our stakeholders, and maintaining customer trust. Our approach to identifying and managing cybersecurity risks includes performing periodic risk assessments, implementing and overseeing governance and policies, maintaining an incident response plan, ongoing training and awareness programs, evaluating the control environments of third-party IT vendors, and a goal of continuous improvement. Cybersecurity is an important and integrated part of our enterprise risk management process that identifies, monitors, and mitigates business, operational and legal risks by involving employees, executive leaders, board members and third parties as necessary.

We understand the importance of educating our employees about cybersecurity risks, and, over the past several years have implemented awareness and training programs for employees with a goal of continually increasing employee education on the risks and threats of cybersecurity. This initiative aims to foster a culture of cybersecurity awareness and empower our employees to be vigilant in identifying and assisting with the mitigation of potential threats.

In addition, we maintain a cybersecurity risk insurance policy that would help defray the costs associated with a covered cybersecurity incident if it occurred; however, the costs related to cybersecurity threats or disruptions may not be fully insured.

Governance

The Chief Financial Officer and IT Manager comprise our cybersecurity team. This team is responsible for assessing and managing our cyber risk management program, informs senior management regarding the prevention, detection, mitigation,
20


and remediation of cybersecurity incidents and supervises such efforts. The cybersecurity team has experience selecting, deploying, and operating cybersecurity technologies, initiatives, and processes, and relies on threat intelligence as well as other information obtained from governmental, public and/or private sources, including external consultants.

The Audit Committee of the Board of Directors oversees the Company’s cybersecurity program and the steps taken by management to monitor, identify, and mitigate cybersecurity risks. The cybersecurity team briefs the Audit Committee on the effectiveness of the Company’s cyber risk management program, typically on a quarterly basis.

Our goal is for continuous improvement in our cybersecurity program. We regularly monitor, evaluate, and aim to enhance our capabilities, experience, and expertise through investments in technology, infrastructure, personnel, and the use of outside consultants. Our objective is to try to stay ahead of emerging threats and maintain the highest level of cybersecurity resilience.

We face risks from cybersecurity threats that could have a material adverse effect on our business, financial condition, results of operations, cash flows or reputation. Prior cybersecurity incidents have not had a material adverse effect on our business, financial condition, results of operations or cash flows, but the scope and impact of any future incident cannot be predicted. See “Risk Factors – Risks Relating to Our Business – Disruptions, failures or security breaches of our information technology infrastructure could have a negative impact on our operations.”