Hercules Capital, Inc. - (HTGC)

10-K Filing Date: February 15, 2024
Item 1C. Cybersecurity
Cybersecurity Program Overview
Our cybersecurity program is designed to identify, assess, and manage material risks from cybersecurity threats. The cyber risk management program involves risk assessments, implementation of security measures, and ongoing monitoring of systems and networks, including networks on which we rely. We actively monitor the current threat landscape in an effort to identify material risks arising from new and evolving cybersecurity threats. We engage external experts, including cybersecurity assessors, consultants, and auditors to evaluate cybersecurity measures and risk management processes. We depend on and engage various third parties, including suppliers, vendors, and service providers. Our risk management, legal, information technology, and compliance personnel identify and oversee risks from cybersecurity threats associated with our use of such entities.
Board Oversight of Cybersecurity Risks
Our Board provides strategic oversight on cybersecurity matters, including risks associated with cybersecurity threats. The Board receives periodic updates from our Chief Operating Officer and, as appropriate, the Chief Compliance Officer and the Director of Information Technology, regarding the overall state of our cybersecurity program, information on the current threat landscape, and risks from cybersecurity threats and cybersecurity incidents.
Management's Role in Cybersecurity Risk Management
Our management, including our Chief Operating Officer and Chief Compliance Officer, is responsible for assessing and managing material risks from cybersecurity threats. Members of Company management possess relevant expertise in various disciplines that are key to effectively managing such risks, such as information systems technology, cybersecurity, regulatory compliance and corporate governance. Our management is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents, including through the receipt of notifications from service providers and reliance on communications with risk management, legal, information technology, and/or compliance personnel.
51

Assessment of Cybersecurity Risk
The potential impact of risks from cybersecurity threats are assessed on an ongoing basis, and how such risks could materially affect our business strategy, operational results, and financial condition are regularly evaluated. During the reporting period, we have not identified any risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that we believe have materially affected, or are reasonably likely to materially affect, us, including our business strategy, operational results, and financial condition.