Blade Air Mobility, Inc. - (BLDE)
10-K Filing Date: March 12, 2024
Item 1C. Cybersecurity
Risk Management and Strategy
Blade’s cybersecurity is overseen by our senior management team including leaders from IT, Product Development, Finance, HR, and Legal. Our Chief Financial Officer, Vice President of Engineering and the Audit Committee of our Board of Directors review the organization's cybersecurity at regular meetings, which are quarterly, and when specific situations arise.
Discussions in these meetings cover issues important to Blade’s cybersecurity, which may include.
•Cybersecurity Threat Landscape: Emerging threats and trends;
•Incident Reports: Recent incidents and responses;
•Vulnerability Assessments and Penetration Testing: Identified vulnerabilities, remediation progress, and penetration testing results;
•Compliance: Adherence to laws, regulations, and standards;
•Security Policies and Procedures: Review and updates;
•Employee Training and Awareness: Training programs and awareness initiatives;
•Risk Management: Strategies to mitigate risks;
•Technology and Security Infrastructure: IT security and new technologies;
•Cybersecurity Insurance: Coverage and policy adequacy;
•Disaster Recovery and Business Continuity: Readiness and plan effectiveness’
•Performance Metrics: Effectiveness of security posture.
The company maintains safeguards including employee training, incident response reviews and exercises, cybersecurity insurance, and business continuity plans to protect its assets. Processes are regularly reviewed by internal and external experts. A third-party cybersecurity program is used to minimize disruption to business and operations.
To date, the Company has not experienced any material cybersecurity incidents and expenses incurred from cybersecurity incidents were immaterial (including penalties and settlements, of which there were none). For a discussion of whether and how any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition, see Item 1A. Risk Factors - "Risks Related to Intellectual Property, Cybersecurity, Information Technology and Data Management Practices", which are incorporated by reference into this Item 1C.