WhiteHorse Finance, Inc. - (WHF)
10-K Filing Date: March 05, 2024
Item 1C. Cybersecurity
WhiteHorse Finance, Inc. (the “Company,” “we,” “us,” or “our”) has processes in place to assess, identify, and manage material risks from cybersecurity threats. The Company’s business is dependent on the communications and information systems of WhiteHorse Advisers, LLC (the “Investment Adviser”) and other third-party service providers. The Investment Adviser manages the Company’s day-to-day operations and has implemented a cybersecurity program that applies to the Company and its operations.
Cybersecurity Program Overview
The Investment Adviser has instituted a cybersecurity program designed to identify, assess, and manage cyber risks applicable to the Company. The cyber risk management program involves risk assessments, implementation of security measures, and ongoing monitoring of systems and networks, including networks on which the Company relies. The Investment Adviser actively monitors the current threat landscape in an effort to identify material risks arising from new and evolving cybersecurity threats, including material risks faced by the Company.
The Company relies on the Investment Adviser to engage external experts, including cybersecurity assessors, consultants, and auditors, to evaluate cybersecurity measures and risk management processes, including those applicable to the Company. The Company relies on the Investment Adviser’s risk management program and processes, which include cyber risk assessments.
The Company depends on and engages various third parties, including suppliers, vendors, and service providers, to operate its business. The Company relies on the expertise of risk management, legal, information technology, and compliance personnel of the Investment Adviser when identifying and overseeing risks from cybersecurity threats associated with our use of such entities.
Board Oversight of Cybersecurity Risks
The board of directors of the Company (“Board”) provides strategic oversight on cybersecurity matters, including risks associated with cybersecurity threats. The Board receives periodic updates from the Chief Information Security Officer (“CISO”) of the Investment Adviser and Chief Compliance Officer (“CCO”) of the Company regarding the overall state of the Investment Adviser’s cybersecurity program, information on the current threat landscape, and briefing on material risks from cybersecurity threats and material cybersecurity incidents impacting the Company.
Management's Role in Cybersecurity Risk Management
The Company’s Management, including the Company’s CCO and the CISO of the Investment Adviser manage the Company’s cybersecurity program, under the supervision of the Company’s Chief Executive Officer. The CCO of the Company oversees the Company’s risk management function generally and relies on the Investment Adviser’s CISO to assist with assessing and managing material risks from cybersecurity threats. The Investment Adviser’s CISO has 23 years of experience actively managing cybersecurity and information security programs for financial services companies with complex and evolving information systems. The Company’s CCO has been responsible for this oversight function as CCO to the Company for 10 years and has worked in the financial services industry for over 20 years, during which time the CCO has gained expertise in assessing and managing risks applicable to the Company.
Management of the Company is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting the Company, including through the receipt of notifications from service providers and reliance on communications with risk management, legal, information technology, and/or compliance personnel of the Investment Adviser.
77
Assessment of Cybersecurity Risk
The potential impact of risks from cybersecurity threats on the Company are assessed on an ongoing basis, and how such risks could materially affect the Company’s business strategy, operational results, and financial condition are regularly evaluated. During the reporting period, the Company has not identified any risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that the Company believes have materially affected, or are reasonably likely to materially affect, the Company, including its business strategy, operational results, and financial condition.