Great Ajax Corp. - (AJX)
10-K Filing Date: February 27, 2024
Item 1C. Cybersecurity
We are an externally managed company and our day-to-day operations are managed by our Manager and our officers under the oversight of our board of directors. We are reliant on our Manger, identifying, assessing and managing material risks to our business from cybersecurity threats.
We maintain a comprehensive cybersecurity program, including policies and procedures designed to protect our systems, operations, and the data utilized and entrusted to it, including by us, from anticipated threats or hazards. The cybersecurity program is integrated into our enterprise-wide risk management system, illustrated by conducting planning exercises involving disaster recovery testing and designing and implementing systems to include backup and recoverability principles, protecting sensitive data through encryption techniques, hypothetical cybersecurity incidents to test its cyber incident response processes. Learnings from these exercises are reviewed, discussed, and incorporated into its cybersecurity framework as appropriate. We test our cybersecurity defenses through automated and manual scanning, to identify and remediate critical vulnerabilities. We examine our cybersecurity program every year, evaluating its effectiveness in part by considering industry standards and established frameworks and working in conjunction with external advisors in connection with our annual cybersecurity insurance renewals to ensure our program keeps paces with new threats.
We have not experienced a material cybersecurity breach and no risks from cybersecurity threats have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. While we have implemented processes and procedures that we believe are tailored to address and mitigate the cybersecurity threats that our Company faces, there can be no assurances that such an incident will not occur despite our efforts, as more fully described in Item 1A. Risk Factors.
For a discussion of how risks from cybersecurity threats affect our business, and our reliance on our Manager managing these risks, see “Part 1. Item 1A. Risk Factors – Risks Related to Our Company – Security breaches and other cyber-security incidents could result in a loss of data, interruptions in our business, subject us to regulatory actions, increased costs, each of which could have a material adverse effect on our business and results of operations” in this Annual Report on Form 10-K.
Cybersecurity Governance
Our board of directors are responsible for understanding the primary risks to our business, including the risks relating to cybersecurity. Our board of directors are informed of such risks through the audit committee on a quarterly basis.
The Chief Technology Officer ("CTO") of our Manager, who holds 20 years of experience in information technology develops and advances the firm's cybersecurity and technology strategy. The CTO reviews our cybersecurity framework.
Our board of directors are responsible for understanding the primary risks to our business. The audit committee of our board of directors is responsible for reviewing our and our Manger’s IT security controls with management and evaluating the
46
adequacy of our and our Manager’s IT security program, compliance and controls with management. The audit committee receives periodic updates on our cybersecurity programs at the Company, its Manager and its Servicer.