ASCENT INDUSTRIES CO. - (ACNT)
10-K Filing Date: April 01, 2024
Item 1C. Cybersecurity
Cybersecurity Governance
The Company's Board of Directors (the "Board") recognizes the critical nature of managing risks associated with cybersecurity threats and is responsible for oversight of the Company's information security programs, including risk of cybersecurity threats. The Audit Committee, which supports the Board of Directors in the oversight of the Company's information security program, oversees managements design, implementation and enforcement of our cybersecurity risk management program. The Audit Committee is composed of Board members with diverse expertise, including technology, financial and risk management experience.
The Audit Committee and full Board receive periodic briefings from management on our cyber risk management programs. The Company also has an internal disclosure committee made up of members of management to assist in fulfilling its obligations to maintain disclosure controls and procedures and to coordinate and oversee the process of preparing our periodic securities filings with the SEC. The disclosure committee meets on a quarterly basis to ensure they are appropriately informed of any matters that should be considered in advance of applicable public filings, including cybersecurity and data privacy matters, and to address the proper handling and escalation of information to the Board and Audit Committee as needed.
Cybersecurity Risk Management and Strategy
We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity and availability of our critical systems and infrastructure. This program includes the implementation of a set of system, network and application level controls to protect our data and systems. These controls are monitored for cybersecurity risks and incidents by internal staff and our third-party service provider and are updated as necessary to protect the Company.
Our overall cybersecurity program includes: security tools, technologies and processes, control reviews and penetration tests; cybersecurity awareness training exercises for our employees, including phishing simulations to raise internal awareness of
11
manipulated electronic communications; and an annual review of System and Organization reports for critical third-party service providers.
We have not identified known risks, including as a result of prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations or financial condition. We face certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations or financial condition. See Item 1A Risk Factors - Cybersecurity risks and cyber incidents could adversely affect our business and disrupt operations.