SLR Investment Corp. - (SLRC)

10-K Filing Date: February 27, 2024
Item 1C.
Cybersecurity
Risk Management and Strategy
We recognize the importance of assessing, identifying, and managing material risks from cybersecurity threats, as such term is defined in Item 106(a) of Regulation
S-K.
These risks include, among other things, operational risks, financial loss, intellectual property theft, fraud, extortion, loss of sensitive data, harm to individuals including stockholders, violation of privacy or security laws, increased costs associated with mitigation of damages and remediation, and other legal and reputational risks. We have implemented several cybersecurity processes and controls to aid in our efforts to assess, identify, and manage such material risks.
We rely on the Investment Adviser’s enterprise-wide cybersecurity program to protect our information, including due oversight of the cybersecurity programs of our key service providers and processes for the assessment, identification, and management of material risks from cybersecurity threats, including those associated with the use of third-party service providers. The Investment Adviser considers such cybersecurity threats as part of its broader risk management framework, and its cybersecurity program is designed to, among other things, protect us, insofar as is practicable, from the hazards of cybersecurity threats and vulnerabilities in accordance with applicable legal requirements and guidance. The Investment Adviser collaborates with third-party subject-matter experts, as necessary, to identify and assess material cybersecurity threat risks and evaluate and test its cybersecurity protections, including through continuous network and endpoint monitoring, employee anti-phishing training, vulnerability assessments, and penetration testing to inform the Investment Adviser’s risk identification and assessment. The Investment Adviser also performs due diligence reviews on third-parties that have access to our systems, data, or facilities that house such systems or data and continually monitors cybersecurity threat risks identified through such diligence.
Together with management, the Board has designated an Information Security Group (“ISG”) to monitor issues relating to cybersecurity and work with the Investment Adviser’s third-party Information Technology (“IT”) service provider to evaluate potential cyber risk vulnerabilities. While its composition may change over time, the ISG currently consists of our Chief Financial Officer and Chief Compliance Officer. The ISG, together with the Investment Adviser’s third-party IT service provider, annually reviews the cyber risks applicable to our business and the measures established by the Investment Adviser and other service providers to protect against those risks and recommends changes or enhancements, as necessary. The Investment Adviser’s management and the third-party IT service provider also monitor the Investment Adviser’s network to identify internal and external cybersecurity threats and vulnerabilities in order to determine any steps that should be taken to protect information stored on the Investment Adviser’s network and promptly inform the ISG of any identified cybersecurity threats or vulnerabilities. The ISG also makes inquiries of the Investment Adviser’s management and the third-party IT service provider regarding such efforts.
Material Impact of Cybersecurity Risks
The potential impact of risks from cybersecurity threats on us are assessed on an ongoing basis, and how such risks could materially affect our business strategy, operational results, or financial condition are regularly evaluated. During the reporting period, we did not identify any risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that we believe have materially affected, or are reasonably likely to materially affect, our business strategy, operational results, or financial condition. We further describe cybersecurity risks that we face in “The failure in cyber security systems, as well as the occurrence of events unanticipated in our disaster recovery systems and management continuity planning could impair our ability to conduct business effectively” and “We, our Investment Adviser and our portfolio companies are subject to risks associated with cyber-attacks” under “Item 1A. Risk Factors” of this annual report on Form
10-K.
 
72

Governance
The Board has overall responsibility for risk oversight, including risks related to cybersecurity threats. The Board is aware of the critical nature of managing these risks and has sought to establish oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity and appropriate review of the protections provided to us by the Investment Adviser.
In conducting its duties, the ISG relies on the experience and expertise of the Investment Adviser’s third-party IT service provider, which includes, among other things, over two decades of managing network security for companies, a track record of collaborating with management teams on incident response and threat mitigation, and, through various partnerships, vetting and implementing cutting-edge cybersecurity technologies. The ISG will provide a report, at least annually, to the entire Board regarding our cybersecurity threat risk management and strategy processes covering topics such as data security posture, results from third-party assessments, progress towards
pre-determined
risk mitigation-related goals, the Investment Adviser’s incident response plan, and cybersecurity threat risks or incidents and developments, as well as the steps the Investment Adviser’s management has taken to respond to and mitigate such risks. The Investment Adviser’s incident response plan provides guidelines for responding to cyber incidents and facilitates coordination across multiple operational functions of the Investment Adviser. The incident response plan includes notification to the ISG and, depending on its nature, escalation to the Board, if appropriate. The Board is also encouraged to engage with the ISG on cybersecurity topics at other times, and material cybersecurity threats and risks are also considered by the Board in relation to other important matters that come before it.
 

© 2024 Material-Incidents. All rights reserved.