ATRION CORP - (ATRI)
10-K Filing Date: February 29, 2024
We face considerable cybersecurity risk due to constant and relentless efforts by cybercriminals to exploit physical, human, and technological vulnerabilities in order to gain access and control of our networks, data, and intellectual property. Constantly evolving technology and the planning, methodologies, and strategies these attackers utilize to capitalize on vulnerabilities in systems put us at a disadvantage. Although, we have not encountered a cybersecurity threat or incident that resulted in a material impact on our business, operations or financial condition, there is no assurance that we will not experience such an event in the future. We are committed, however, to maintaining vigorous oversight of these risks.
We regularly review industry recommendations, best practices, and standards regarding cybersecurity and information technology. NIST (National Institute of Standards and Technology), CIS (Center for Internet Security) and CISA (Cybersecurity and Infrastructure Security Agency) are some of our primary resources for information. We seek to meet or exceed the standards of, and recommendations by, these organizations as well as those of our third-party technology vendors. We require in-depth annual cybersecurity training for all of our end users as well as refresher training throughout the year. We have processes in place to prevent, identify, manage, and mitigate any occurrence timely, and we engage an independent firm to perform annual assessments of our network security and infrastructure. In addition to our existing methods of detection, monitoring, and mitigation of cybersecurity threats and incidents, we implement new technologies, controls, and policies with the goal of protecting our business, employees, investors, customers, and suppliers.
26 |
Our Board of Directors and our Audit Committee oversee our Company-wide risk management, including cybersecurity risk. More specifically, our Audit Committee reviews with our management, at least annually, emerging cybersecurity developments and threats, the Company's risks relating to cybersecurity, including a review of the state of the Company's cybersecurity and the Company's strategy to mitigate cybersecurity risks. Our internal cybersecurity team consists of our Chief Financial Officer, our Director of Compliance, and our Information Technology department, which includes multiple security certified professionals. Each member of the team has assigned roles related to cybersecurity events. In the event of a cybersecurity attack, members of the cybersecurity team review records and details to determine the depth and materiality of the occurrence. Based on their analysis, appropriate disclosure of the event will be made.