Mill City Ventures III, Ltd - (MCVT)
10-K Filing Date: April 02, 2024
We review cybersecurity risk as part of our overall risk-management program. This ensures that cybersecurity risk management remains a meaningful priority in our business strategy and operations. Our risk management strategy for cybersecurity generally includes:
| · | Identification: We aim to proactively identify the manners in which our business could be materially impacted by cybersecurity risks. |
| · | Assessment: We periodically assess our risks relating to cybersecurity threats, including risks relating to our reliance on third parties. In so doing, we consider the likelihood and impact that could result from the manifesting of such risks, together with the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks. |
| · | Management: If deemed appropriate, we design and implement reasonable safeguards to address any identified gaps in our existing processes and procedures. |
We presently do no engage third parties to assist with evaluating the effectiveness of our risk-management and cybersecurity practices. The Company did not have any material cybersecurity breaches during the year ended December 31, 2023.
Our criteria for determining the materiality of cybersecurity incidents includes assessing potential or actual financial impacts, reputational damage, and operational disruptions. In the event of a cybersecurity incident, all material and known facts would be recorded, including their nature, scope and financial implications; and Form 8-K filings required in relation to any material cybersecurity incident would be prepared and timely filed (with any reasons for delayed disclosures being documented in writing). The Company believes these steps will help ensure compliance with SEC requirements and maintain overall stakeholder confidence in the Company.
The Audit Committee of our Board of Directors is the governance body involved in, and ultimately responsible for, cybersecurity oversight. They will generally coordinate with our Chief Financial Officer in this regard. If needed, the full Board would be updated on cybersecurity risks and incidents. None of our directors on the Audit Committee nor our Chief Financial Officer have particular experience in cybersecurity matters.
In the event of a cybersecurity concern or event, our incident response approach would have our Chief Financial Officer report to our Audit Committee and full Board of Directors, as well as legal counsel.