INNOVATE Corp. - (VATE)
10-K Filing Date: March 06, 2024
ITEM 1C. CYBERSECURITY
Cybersecurity Risk Management, Strategy, and Governance
Cybersecurity is a critical component of our operational integrity and strategic planning. Recognizing the evolving nature of cyber threats, we are committed to implementing robust cybersecurity measures to safeguard our digital assets, protect stakeholder interests, and ensure continuity of our operations.
Cybersecurity Risk Management Processes
Our approach to managing cybersecurity risks is proactive and comprehensive. We employ a range of methods to assess, identify and manage the risk of potential cybersecurity threats, including regular security audits, utilization of a third party service provider for security measures over our virtual environment, threat intelligence monitoring, and vulnerability assessments. Our risk management framework is designed to mitigate potential cyber risks through a blend of technological safeguards, employee training programs, and incident response protocols.
Cybersecurity Strategy and Investment
Our cybersecurity strategy is integral to our broader risk management policy. We invest in state-of-the-art cybersecurity technologies and infrastructure to enhance our defensive capabilities and have a dedicated system of internal controls in place to prevent, monitor and remediate cyber risks including any risks from utilization of third party service providers. Additionally, we allocate resources for ongoing staff training and awareness programs to foster a culture of cybersecurity mindfulness across the organization and maintain dedicated channels of communication with our third party service provider monitoring our virtual environment to facilitate timely cyber incident identification and remediation. Our strategic investments in cybersecurity are tailored to address the unique challenges and risks pertinent to our industry and operational scope.
44
Governance and Oversight
The governance of our cybersecurity efforts is overseen by the Audit Committee, which includes individuals with experience in technology and cybersecurity. The board regularly reviews and guides our cybersecurity policies and practices. Management plays a critical role in implementing these policies and in the day-to-day management of cybersecurity risks. They are empowered with the maintenance, communication and enforcement of cybersecurity policies and employ proactive measures to improve cyber security through review of various third party cyber tools for potential implementation. Our Head of IT and CFO are responsible for overseeing the implementation of cybersecurity strategies and ensuring compliance with regulatory standards. In addition to our in-house expertise, the Company employs independent external auditors and an outsourced internal audit team, who regularly test and asses our cybersecurity controls. Any cyber incidents that occur are escalated to the CFO to facilitate resolution. Any incident determined to be material is discussed with the Audit Committee and communicated to the company's internal and external auditors as well as the company's third party virtual environment service provider, when relevant).
Material Effects of Cybersecurity Risks
Our business strategy, results of operation and financial condition have been not been materially affected by risks from cybersecurity threats, nor did we experience any significant cybersecurity incidents in 2023. However, we cannot provide assurances that they will not be materially affected by such risks or material incidents in the future. We continually assess the material effects of potential cybersecurity risks on our financial and operational performance and maintain comprehensive insurance coverage to mitigate financial losses from potential cybersecurity incidents.
Compliance and Regulatory Considerations
Our cybersecurity practices are in alignment with industry standards and regulatory requirements. We conduct regular reviews to ensure compliance with evolving cybersecurity laws and regulations. There have been no legal or regulatory proceedings related to cybersecurity against the company in the reported period. We intend to further enhance our cybersecurity measures in response to the dynamic cyber threat landscape. This includes investing in advanced security technologies, refining our risk assessment methodologies, and continuing our commitment to staff training and development in cybersecurity awareness and best practices.