Climb Global Solutions, Inc. - (CLMB)
10-K Filing Date: March 05, 2024
Our Company maintains a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. The Board, Risk and Security Committee of the Board and senior management devote significant resources to cybersecurity and risk management processes to adapt to the changing cybersecurity landscape and respond to emerging threats in a timely and effective manner.
We regularly assess the threat landscape with a layered cybersecurity strategy based on prevention, detection, and mitigation. Our IT team reviews enterprise risk management-level cybersecurity risks annually. In addition, we have a set of Company-wide policies and procedures concerning cybersecurity matters, such as encryption standards, antivirus protection, remote access, multifactor authentication, confidential information and the use of the internet, social media, email, and personal devices. The policies include standards from sources including, but not limited to, the National Institute of Standards and Technology (“NIST”) framework, Payment Card Industry Data Security Standards (“PCI-DSS”) and the Center for Internet Security Standards (“CIS”) and are reviewed and approved by appropriate members of management. Employees must be aware of the Company’s security policies and acknowledge their understanding of and compliance with each of the policies annually.
The Risk and Security Committee of the Board oversees the Company’s cybersecurity risk exposures and the procedures taken by management to monitor and mitigate the cyber risks. The Chief Information Officer oversees the IT team and is responsible for developing and implementing our information security program and reporting on cybersecurity matters to the Board and Risk and Security Committee of the Board. We view cybersecurity as a shared responsibility, and we periodically perform simulations and tabletop exercises at a management level and incorporate external resources and advisors as needed. All employees are required to complete cybersecurity training through online training modules. Our IT team regularly monitors alerts and meets to discuss threat levels, trends and remediation plans as needed. Additionally, we conduct periodic penetration tests to assess our processes and procedures to ensure we have a robust cybersecurity program.
The Company faces risks from cybersecurity threats that could have a material adverse effect on our business, financial condition, results of operations, cash flows or overall reputation. Although we will continue to face such risks during our normal course of business, they have not materially affected our business, financial position and results of operations. See “Failure to adequately maintain the security of our electronic and other confidential information could materially adversely affect our financial condition and results of operations” in Item 1A. Risk Factors.