Skillsoft Corp. - (SKIL)

10-K Filing Date: April 15, 2024
Item 1C. Cybersecurity

We have implemented an enterprise-wide information security program designed to identify, protect, detect, respond to, and manage reasonably foreseeable cybersecurity risks and threats. Our program utilizes various security tools to safeguard our information systems, aiding in prevention, identification, escalation, investigation, resolution, and recovery from vulnerabilities and security incidents. Examples of such security tools include internal reporting systems, monitoring and detection tools, third-party penetration testing and security assessments and a bug bounty program engaging security researchers. In addition, we have adopted a comprehensive incident response plan and process for detecting, mitigating, and investigating cybersecurity incidents, which employees, under the leadership of the Company's Chief Information Security Officer ("CISO"), regularly test through table-top exercises, testing of our security protocols through additional techniques such as penetration testing, debriefing after security incidents to improve our security and responses, and regular briefing to our directors and officers on our cybersecurity risks and preparedness.

Our global information security program is led by our CISO, who brings over 20 years of industry experience. Regular reports on cybersecurity threats, assessments, and findings are provided by the CISO to senior management and relevant teams. In addition, the CISO provides quarterly updates to the Board Audit Committee. The Board oversees annual enterprise risk assessments, with the Audit Committee specifically tasked with overseeing cybersecurity risks.

Additionally, we maintain a third-party security program to assess, prioritize, and mitigate risks associated with our vendors and partners. We also rely on third parties to implement appropriate security measures.

Regular risk assessments evaluate cybersecurity and technology threats, employing a widely adopted risk management model to prioritize risks and develop corresponding security controls. Our information security program undergoes regular reviews, audits, tests, and exercises to ensure effectiveness and enhance security measures.

Although we have experienced cybersecurity incidents in the past, as of the date of this report, we have not experienced any cybersecurity incidents that resulted in a material effect on our business, results of operations, or financial condition. Despite our continuing efforts, we cannot guarantee that our cybersecurity safeguards will prevent breaches or breakdowns of our or our third-party service providers’ information technology systems, particularly in the face of continually evolving cybersecurity threats and increasingly sophisticated threat actors. A cybersecurity incident may materially affect our business, results of operations or financial condition, including where such an incident results in reputational, competitive or business harm or damage to our Company, significant costs or the Company being subject to government investigations, litigation, fines or damages. For more information, see “We are regularly subject to cybersecurity and other similar attacks. If our security measures are breached or unauthorized access to customer data is otherwise obtained, our platforms may be perceived as insecure, we may lose existing customers or fail to attract new customers, our reputation may be harmed, and we may incur significant liabilities.”
