New Fortress Energy Inc. - (NFE)
10-K Filing Date: February 29, 2024
Item 1C. Cybersecurity.
Risk Management and Strategy
The Company assesses risks from cybersecurity threats, monitors its information systems for potential vulnerabilities and tests those systems pursuant to the Company’s cybersecurity standards, processes and practices, which are integrated into the Company’s overall risk management processes. To protect the Company’s information systems from cybersecurity threats, including those related to third-party service providers, the Company uses various security tools, such as third party vendors that help the Company identify, escalate, investigate, resolve and recover from security incidents in a timely manner. The Company’s cybersecurity procedures and standards are reviewed and overseen by the Company’s cybersecurity group.
The cybersecurity group holds periodic meetings and reviews metrics it deems appropriate, including any incidents and threats, and the current state of cybersecurity issues and threats in the industry. These efforts include developing a threat model that assesses potential damage to the Company’s business and the likelihood of threat. We test the risk prioritization rankings of our threat model with external data about breaches and incidents reported by governmental agencies, including the Cybersecurity and Infrastructure Security Agency and National Security Agency. The Company partners with third parties to assess the effectiveness of our cybersecurity prevention and response systems and processes as needed.
For high priority incidents, the cybersecurity group will manage a risk-appropriate response, which may include the use of third-party vendors to support any investigation, response, and remediation efforts. Updates regarding any incidents are provided to management as appropriate.
During the year ended December 31, 2023, the Company is not aware of any cybersecurity incidents or threats that materially affected our business, results of operations or financial condition.
Governance
Management oversees the Company’s risk management process, including cybersecurity risks, and receives updates regarding any cybersecurity incidents directly from the cybersecurity group as appropriate. The cybersecurity group is led by the Chief Technology Officer, who has over 15 years of experience in information security. Management will evaluate any cybersecurity risks, concerns and issues and determine whether to escalate such issues to the Board or any of its committees. Our Board is responsible for the oversight of management as well as the business and affairs of the Company. In carrying out this responsibility, the Board discusses and receives regular updates on a wide variety of matters affecting the Company.
53
Risks
Please see the risk factor captioned "Information technology failures and cyberattacks could affect us significantly” in Part I, Item 1A. “Risk Factors” for additional description of cybersecurity risks and potential related impacts on the Company.