EMERSON RADIO CORP - (MSN)
10-K Filing Date: June 27, 2024
CYBERSECURITY
Risk management and strategy
We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third party hosted services, communications systems, hardware and software, and our critical data, including intellectual property, and confidential information that is proprietary, strategic or competitive in nature, (“Information Systems and Data”).
Our information technology (“IT”) department helps identify, assess and manage the Company’s cybersecurity threats and risks. Our IT department identifies and assesses risks from cybersecurity threats by monitoring and evaluating our threat environment using various methods including, for example, using manual tools and conducting threat assessments designed to identity internal and external threats.
Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including, for example, conducting risk assessments and maintaining business continuity and disaster recovery plans.
Our assessment and management of material risks from cybersecurity threats are integrated into the Company’s overall risk management processes. For example, cybersecurity risk is addressed as a component of the Company’s enterprise risk management program.The IT department works with Company management to prioritize our risk management processes and mitigate cybersecurity threats that are more likely to lead to a material impact to our business. Our senior management evaluates material risks from cybersecurity threats against our overall business objectives and reports to the Board, which evaluates our overall enterprise risk.
We use third-party service providers to perform a variety of functions throughout our business, such as internet hosting companies, distributors, and supply chain resources. Depending on the nature of the services provided, the sensitivity of the Information Systems and Data at issue, and the identity of the provider, our vendor management process may involve different levels of assessment designed to help identify cybersecurity risks associated with any particular provider.
For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our risk factors under Part 1. Item 1A. Risk Factors in this Annual Report on Form 10-K, including “An information systems interruption or breach in security, including as a result of cyber-attacks, could adversely affect the Company’s business, results of operations and reputation.”
Governance
Our Board addresses the Company’s cybersecurity risk management as part of its general oversight function. The audit committee of the Board (the "Audit Committee") is responsible for overseeing the Company’s risk management processes, including oversight of mitigation of risks from cybersecurity threats.
Our cybersecurity risk assessment and management processes are implemented and maintained by certain Company management, including our Chief Operating Officer (“COO”). Our COO, assisted by our Senior Vice President for Operations, is responsible for hiring appropriate personnel, helping to integrate cybersecurity risk considerations into the Company’s overall risk management strategy, and communicating key priorities to relevant personnel. Our COO and Senior VP for Operations are responsible for reviewing security assessments and other security-related reports.
Our cybersecurity incident response processes are designed to escalate certain cybersecurity incidents to members of management depending on the circumstances, including our COO.
The Board may receive reports from our IT Department and/or Management concerning the Company’s significant cybersecurity threats and risk and the processes the Company has implemented to address them.