SONO TEK CORP - (SOTK)
10-K Filing Date: May 23, 2024
Risk Management and Strategy
Securing our business information, intellectual property, customer and employee data and technology systems is essential for the continuity of our business, meeting applicable regulatory requirements and maintaining the trust of our stockholders. Cybersecurity is an important and integrated part of our enterprise risk management function that identifies, monitors and mitigates business, operational and legal risks.
To help protect us from a major cybersecurity incident that could have a material impact on operations or our financial results, the Company is in the process of implementing policies, programs and controls, including technology investments that focus on cybersecurity incident prevention, identification and mitigation. The steps we expect to take to reduce our vulnerability to cyberattacks and to mitigate impacts from cybersecurity incidents include, but are not limited to: penetration testing by a third party vendor, agent based security scanning that runs continuously, establishing information security policies and standards, implementing information protection processes and technologies, monitoring our information technology systems for cybersecurity threats and implementing cybersecurity training. In addition, we annually purchase a cybersecurity risk insurance policy that would help defray the costs associated with a covered cybersecurity incident if it occurred.
Governance
Our Board of Directors is actively engaged in overseeing and reviewing our strategic direction and objectives, taking into account, among other considerations, our risk profile and related exposures, including oversight of risks from cybersecurity threats. As part of this oversight, the Company will update the Board periodically, and at least annually, on our cybersecurity program, including with respect to particular cybersecurity threats, cybersecurity incidents, new developments in our risk profile, the status of projects to strengthen our cybersecurity systems, assessments of our cybersecurity program, and the emerging threat landscape.