ACORN ENERGY, INC. - (ACFN)
10-K Filing Date: March 07, 2024
Risk Management and Strategy
Securing our business information, intellectual property, customer and employee data and technology systems is essential for the continuity of our business, meeting applicable regulatory requirements and maintaining the trust of our stockholders. Cybersecurity is an important and integrated part of our enterprise risk management function that identifies, monitors and mitigates business, operational and legal risks.
To help protect us from a major cybersecurity incident that could have a material impact on operations or our financial results, we have implemented policies, programs and controls, including technology investments that focus on cybersecurity incident prevention, identification and mitigation. The steps we take to reduce our vulnerability to cyberattacks and to mitigate impacts from cybersecurity incidents include, but are not limited to: annual penetration testing by a third party vendor, cloud and agent based security scanning that runs continuously, establishing information security policies and standards, implementing information protection processes and technologies, monitoring our information technology systems for cybersecurity threats, assessing cybersecurity risk profiles of key third-parties, and implementing cybersecurity training. In addition, we annually purchase a cybersecurity risk insurance policy that would help defray the costs associated with a covered cybersecurity incident if it occurred.
Governance
Our Board of Directors is actively engaged in overseeing and reviewing our strategic direction and objectives, taking into account, among other considerations, our risk profile and related exposures, including oversight of risks from cybersecurity threats. As part of this oversight, the Company established a Cybersecurity Steering Committee consisting of certain members of our senior management team and a Board representative, that meets quarterly and updates the Board periodically, and at least annually, on our cybersecurity program, including with respect to particular cybersecurity threats, cybersecurity incidents, new developments in our risk profile, the status of projects to strengthen our cybersecurity systems, assessments of our cybersecurity program, and the emerging threat landscape.
14 |
Management has the responsibility to manage risk and bring to the Board’s attention any material near-term and long-term risks to the Company, including risks from cybersecurity threats. We actively engage with key vendors and industry participants and monitor new developments in global cybersecurity concerns as part of our continuing efforts to evaluate and enhance the effectiveness of our cybersecurity policies and procedures. Our Cybersecurity Steering Committee has developed a standard operating procedure that outlines specific steps to identify, mitigate and report on any cybersecurity-related incidents that may be discovered.
Although we did not experience a material cybersecurity incident during the year ended December 31, 2023, the scope and impact of any future incident cannot be predicted. See “Item 1A. Risk Factors” for more information on our cybersecurity-related risks.