Tilray Brands, Inc. - (TLRY)
10-K Filing Date: July 29, 2024
Cybersecurity risk, management, & strategy
Tilray recognizes the importance of cybersecurity in safeguarding our systems, data, and operations and we are committed to addressing the significant risks posed by cyber threats. Our enterprise risk management framework considers cybersecurity risk alongside other company risks as part of our overall risk assessment process and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management framework to other legal, compliance, operational, and financial risk areas. The Company is committed to maintaining robust processes to assess, identify and mitigate material risks from cybersecurity threats and to protect against, detect and respond to cybersecurity incidents.
Our business is subject to various cybersecurity risks, including but not limited to, unauthorized access to sensitive data, including customer information and medical information, disruption of operations or supply chain due to cyberattacks, theft or manipulation of intellectual property, such as proprietary strains or cultivation techniques, regulatory non-compliance resulting from cybersecurity breaches, including violations of data privacy laws. To address these risks, we have implemented a comprehensive cybersecurity program, which includes, regular risk assessments and vulnerability testing to identify and address potential weaknesses in our systems, deployment of robust access controls and encryption technologies to protect sensitive data, mandatory annual employee training and awareness programs to promote cybersecurity best practices and prevent social engineering attacks, and continual monitoring and incident response procedures to detect and respond to cybersecurity incidents in a timely manner. We also have information security and data privacy policies and procedures in place applicable to our directors, officers, employees, contractors and suppliers. Third parties service providers also contribute to our overall cybersecurity. We engage third parties to support in the design, implementation and ongoing efforts to help identify and mitigate cybersecurity risks.
Based on the information we have as of the date of this Form 10-K, we do not believe any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. See “Item 1A. Risk Factors” for further information about these risks.
Cybersecurity governance
Cybersecurity is an important part of our risk management processes and is an area of focus for our Board, Chief Information Officer ("CIO") whom reports to the Chief Executive Officer, and management team. Our CIO plays a pivotal role in assessing and managing material risks stemming from cybersecurity threats and is primarily responsible for the oversight of our overall cybersecurity risk management program, and coordinates with our external cybersecurity consultants. Additionally, given that cybersecurity risks can impact various areas of responsibility of the Committees of the Board, our Board of Directors oversees cybersecurity risk management and regularly reviews our cybersecurity strategy and initiatives. The Board receives quarterly and as needed updates on cybersecurity matters from the CIO and management.
Tilray is dedicated to maintaining a robust cybersecurity program to safeguard our assets, data, and stakeholders' interests. We remain vigilant in our efforts to identify, assess, and mitigate cybersecurity risks and are committed to transparency and accountability in our cybersecurity disclosures.