THUNDER MOUNTAIN GOLD INC - (THMG)

10-K Filing Date: March 12, 2024
ITEM 1C - CYBERSECURITY

The Company recognizes the critical importance of cybersecurity in safeguarding sensitive information, maintaining operational resilience, and protecting stakeholders' interests. This cybersecurity policy is designed to establish a comprehensive framework for identifying, assessing, mitigating, and responding to cybersecurity risks across the organization.

The Company is in the process of establishing a cybersecurity policy which implement protocols to evaluate, recognize, and address significant risks, including those posed by cybersecurity threats. This strategy encompasses the utilization of standard traffic monitoring tools, educating personnel to identify and report abnormal activities, and partnering with reputable service providers capable of upholding security standards equivalent to or exceeding our own.

9


These measures are to be seamlessly integrated into our broader operational risk management framework aimed at minimizing exposure to unnecessary risks across our operations. For cybersecurity, we collaborate with expert consultants and third-party service providers to implement industry-standard strategies aimed at identifying and mitigating potential threats or vulnerabilities within our systems. Additionally, the policy strategy will have a comprehensive cyber crisis response plan to manage high severity security incidents, ensuring efficient coordination across the organization.

Cybersecurity threats haven't significantly impacted our operations, and we don't anticipate such risks materially affecting our business, strategy, financial condition, or results of operations. However, given the escalating sophistication of cyber threats, our preventive measures may not always suffice. Despite well-designed controls, we acknowledge the inability to foresee all security breaches, including those stemming from third-party misuse of AI technologies, and the potential challenges in implementing timely preventive measures. Please refer to Item 1A: Risk Factors for further insights into cyber attack-related risks.

The Chief Financial Officer will oversees our information security programs, including cybersecurity initiatives, and is integrated into our Cybersecurity Incident response process. The Audit committee oversees cybersecurity risk management activities, supported by Company management, the Board of Directors, and external consultants. We assess and prioritize risks based on potential impact, implement technical controls, and monitor third-party vendors' security practices.