Ranger Energy Services, Inc. - (RNGR)

10-K Filing Date: March 05, 2024
Item 1C. Cybersecurity
We recognize the critical importance of cybersecurity in safeguarding sensitive information, protecting our stakeholders, and maintaining customer trust. Our approach to managing cybersecurity risks, which includes periodic risk assessments, implementing and overseeing governance and policies, an incident response plan, ongoing training and awareness programs, and a commitment to continuous improvement.
Our risk assessment process involves periodic vulnerability assessments and monitoring of emerging threats. Our policies and procedures are designed to ensure compliance with relevant regulations, to consider industry practices, and we periodically review and update them to address evolving cybersecurity risks.
In the event of a cybersecurity incident, we have an incident response plan in place. This plan includes detection, response, and communication with stakeholders. Incident response is supported by appropriate third-party experts to address, assess and respond to the event. The plan calls for the mobilization of a response team including both internal and external resources as well as communication protocols so that event information is shared on a proactive basis. We aim to prioritize transparency and accountability, and we are committed to providing timely and accurate information to our stakeholders in the event of a breach.
We understand the importance of educating our employees about cybersecurity risks, and, over the past two years have initiated awareness and training programs internally specifically targeted to employees with a goal of continually increasing employee education. This initiative aims to foster a culture of cybersecurity awareness and empower our employees to be vigilant in identifying and mitigating potential threats.
Our Vice President of Information Technology reports to the Company’s Chief Financial Officer and is the head of the Company’s cybersecurity team. This role is responsible for assessing and managing the Company’s cyber risk management program, informing senior management regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents and supervising such efforts. Senior leadership has been specifically trained and is credentialed in cybersecurity risk assessment and oversight.
The Audit Committee of the Board of Directors oversees the Company’s cybersecurity posture and the steps taken by management to monitor, identify, and mitigate cybersecurity risks. The Information Technology team briefs the Audit Committee on the effectiveness of the Company’s cyber risk management program, typically on an annual basis.
We are dedicated to continuous improvement in our cybersecurity program. We regularly monitor, evaluate, and aim to enhance our capabilities through investments in technology, infrastructure, and personnel. Our goal is to try to stay ahead of emerging threats and maintain the highest level of cybersecurity resilience.
In conclusion, by prioritizing cybersecurity, we aim to protect the interests of our stakeholders, promote business continuity, and uphold the trust that our customers place in us. Notwithstanding the approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. While the Company maintains cybersecurity insurance, the costs related to cybersecurity threats or disruptions may not be fully insured. See Item 1A. “Risk Factors” for a discussion of cybersecurity risks.
28