NLIGHT, INC. - (LASR)
10-K Filing Date: February 26, 2024
ITEM 1C. CYBERSECURITY
We are committed to maintaining robust governance and oversight of our information technology and security systems to maintain our facilities’ physical security and to protect proprietary and confidential information, including that of our customers, suppliers and employees. Information about information technology and security risks we face is discussed in Item 1A of Part I, “Risk Factors,” under the heading “A breach of our information technology and security systems could materially adversely affect our business.”
As part of our overall risk management process, we conduct an annual assessment of information systems and organizational assets, as well as periodic vulnerability scanning, penetration testing, security audits, and ongoing risk assessments. We also maintain incident response plans that are utilized when incidents are detected. We require employees with access to information systems, including all corporate employees, to undertake data protection and cybersecurity training and compliance programs annually. We use processes to oversee and identify material risks from cybersecurity threats associated with our use of third-party technology and systems. In addition to our in-house cybersecurity capabilities, at times we also engage assessors, consultants, auditors, or other third parties to assist with assessing, identifying, and managing cybersecurity risks.
While we, like any technology-dependent company operating in the current environment, have experienced cybersecurity incidents in the past we have not, as of the date of this Form 10-K, experienced a cybersecurity threat or incident that resulted in a material adverse impact to our business or operations. However, there can be no guarantee that we will not experience such an incident in the future. Such incidents, whether or not successful, could result in, among other things: unfavorable publicity, damage to our reputation, difficulty marketing our products, customer allegations of breach-of-contract, claims and litigation by affected parties, investigations by and other proceedings involving governmental authorities and possible financial liabilities for damages, any of which could materially adversely affect our business, financial condition, reputation and relationships with customers and partners.
Our cybersecurity risks and associated mitigations are evaluated by senior leadership and subject to oversight by the Information Technology and Security Committee of our Board of Directors. Our cybersecurity program is managed by our Vice President of IT & Information Security, who is a Certified Information Systems Security professional (CISSP) and reports to our Chief Operating Officer. Our Chief Operating Officer and Vice President of
20
IT and Information Security provide periodic briefings about our cybersecurity risk management to the Information Technology and Security Committee.