Vislink Technologies, Inc. - (VISL)
10-K Filing Date: April 03, 2024
Risk Management and Strategy
Managing Material Risks & Integrated Overall Risk Management
We are developing processes that seek to assess, identify, and manage material risks from cybersecurity threats to the IT systems and information that we create, use, transmit, receive, and maintain. We also seek to integrate these processes and policies into our overall enterprise risk management system and processes. The processes for assessing, identifying, and managing material risks from cybersecurity threats, including threats associated with our use of third-party service providers, include our efforts to identify the relevant assets that could be affected, determine possible threat sources and threat events, assess threats based on their potential likelihood and impact, and identify controls that are in place or necessary to manage and/or mitigate such risks.
Engage Third Parties on Risk Management
We engage a range of external experts, including consultants and cybersecurity assessors, who assist us in evaluating and testing our cybersecurity systems and processes. These engagements are intended to give us access to specialized knowledge and insights to inform our cybersecurity strategies and processes, including industry-standard control frameworks and applicable regulations, laws, and standards.
Oversee Third-Party Risk
We plan to implement and conduct security assessments of all third-party service providers before engagement and maintain ongoing monitoring to ensure compliance with relevant cybersecurity standards.
Risks from Cybersecurity Threats
We have not experienced any material cybersecurity incidents, and the expenses incurred from any security incidents have been immaterial. However, as discussed under “Risk Factors” in Part I, Item 1A of this Annual Report, cybersecurity threats pose multiple and potentially material risks to us, including potentially to our results of operations and financial condition. We rely extensively on information technology systems and could face cybersecurity risk. As cybersecurity threats become more frequent, sophisticated, and coordinated, it is reasonably likely that we may expend greater resources to continue to modify and enhance protective measures against such security risks.
Governance
Board of Directors Oversight
Our Board of Directors is responsible for exercising oversight of management’s identification and management of, and planning for, risks from cybersecurity threats. While the full Board has overall responsibility for risk oversight, the Board has delegated oversight responsibility related to risks from cybersecurity threats to the Board’s Audit Committee. The Audit Committee discusses with management not less than annually our significant financial risk exposures, including those related to data privacy, data security, and network security, and management’s program to monitor, assess, and control such exposures, including our risk assessment and risk management policies. The Audit Committee reports to the Board as necessary concerning its activities, including making such reports and recommendations to the Board as it deems necessary and appropriate.
Management’s Role in Managing Risk
Ben Mann, our Global IT Manager, is responsible for information security, and has 33 years of IT-related work experience. Our Chief Financial Officer leads our management’s efforts to keep the Audit Committee informed regarding cybersecurity risks and events, and will provide briefings to the Audit Committee on no less than an annual or ad hoc basis when needed. These briefings encompass:
● evaluation of existing cybersecurity risks;
● status of ongoing cybersecurity initiatives and strategies, and
● incident reports and learnings from cybersecurity events.
Risk Management Personnel
Management’s role in assessing, monitoring, and managing our material cybersecurity risks is primarily the responsibility of our Global IT Manager, who reports to our CFO. Both the Global IT Manager and CFO rely on third-party experts, including consultants and cybersecurity assessors. The Global IT Manager manages vendor work related to cybersecurity and is primarily responsible for the evolving cybersecurity processes and policies, remediating known risks and leading our employee training program, pursuant to which we provide annual privacy and security training for all employees. Our security training incorporates awareness of cyber threats (including but not limited to malware, ransomware, and social engineering attacks), password hygiene, incident reporting processes, and physical security practices. Our management has also developed security policies and processes, including regular system updates and patches, employee training on cybersecurity and privacy requirements, incident reporting, and encryption to secure sensitive information. In addition, we also regularly perform phishing tests on our employees and update our training plan at least annually. We maintain business continuity and disaster recovery capabilities to mitigate interruptions to critical information systems and the loss of data and services from natural or artificial disasters’ effects on our physical operations.
Monitor Cybersecurity Incidents
The Global IT Manager implements and oversees processes for regularly monitoring our IT systems. This includes deploying security measures to identify potential vulnerabilities. The Global IT Manager runs an incident response plan for a cybersecurity incident. This plan provides actions to mitigate the impact and long-term strategies for remediation and preventing future incidents.
Reporting to the Board of Directors
The Global IT Manager regularly informs the CFO of cybersecurity risks and incidents. Furthermore, significant cybersecurity matters and strategic risk management decisions would be escalated by the CFO to the Audit Committee and the Board of Directors.