LUXURBAN HOTELS INC. - (LUXH)

10-K Filing Date: April 15, 2024
ITEM 1C. CYBERSECURITY

 

Cybersecurity risk management is an important part of our overall risk management efforts. We maintain a cybersecurity program that is comprised of policies, procedures, controls and plans whose objective is to help us prevent and effectively respond to cybersecurity threats or incidents. Through our cybersecurity risk management process, we monitor cybersecurity vulnerabilities and potential attack vectors to company systems. We, directly and through our third-party service providers, maintain various measures to safeguard against cybersecurity threats such as monitoring systems, security controls, policy enforcement, data encryption, employee training, tools and services from third-party providers and management oversight to assess, identify and mitigate risks from cybersecurity threats. We and our third-party service providers conduct regular testing of these controls and systems including vulnerability scanning, penetration testing and simulating the execution of parts of our disaster recovery plan.

 

We have implemented cybersecurity frameworks, policies and practices which incorporate industry-standards and contractual requirements. We gather information and review security protocols of certain third parties who integrate with our systems, such as our payroll processor, managed solutions provider, and software as a service provider, on an annual basis to identify and manage risk. We regularly seek to improve and mature our cybersecurity processes. We apply lessons learned from our efforts to help prevent attacks and utilize data analytics to detect anomalies and search for cyber threats.

 

60

 

 

Cybersecurity threats of all types, such as attacks from computer hackers, cyber criminals, nation-state actors, social engineering and other malicious internet-based activities, continue to increase generally in business and society. We believe that our current preventative actions and response planning provide adequate measures of protection against cybersecurity risks. While we have implemented measures to safeguard our information technology systems, the evolving nature of cybersecurity attacks and vulnerabilities means that these protections may not always be effective. In 2023, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced undetected cybersecurity incidents. For additional information about these risks, see Part I, Item 1A, “Risk Factors” in this Annual Report on Form 10-K.

 

Governance

 

Our finance, risk & investment committee of our board of directors has oversight of our strategic and business risk management and oversees management’s execution of our cybersecurity risk management program. The board receives updates from management on our cybersecurity risks as may be required or prudent. In addition, management updates the board as necessary, regarding any material cybersecurity incidents. Management is responsible for identifying, assessing, and managing cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures, maintaining cybersecurity policies and procedures, and providing regular reports to our board of directors. In the event of an incident, we intend to follow our incident response plan, which outlines the steps to be followed from incident detection to mitigation, recovery and notification, including notifying functional areas (e.g. legal), as well as senior leadership and the board, as appropriate.

 

Our Chief Operating Officer and Director of Revenue Management oversees our cybersecurity program and is responsible for our overall information security strategy, policy, security engineering, operations and cyber threat detection and response. These officers work with other members of management, employees and outside service providers to promote and evolve our cybersecurity protocols and systems.

 

There were no material cybersecurity incidents in 2023 or up to the date of this filing.

 

© 2024 Material-Incidents. All rights reserved.