Ault Alliance, Inc. - (AULT)

10-K Filing Date: April 16, 2024
ITEM 1C. CYBERSECURITY

 

Information Security Program:

 

The mission of our information security program is to design, implement, and maintain a comprehensive information security program that protects our systems, services, and data against unauthorized access, disclosure, modification, damage, and loss. Our information security program is comprised of internal and external security and technology professionals who work collaboratively to identify, assess, manage, and mitigate cybersecurity risks and threats across the Company, our subsidiaries, and third-party contractors.

 

We recognize the importance of effectively managing material risks associated with cybersecurity threats, as defined in Item 106(a) of Regulation S-K. Our risk management program integrates the monitoring and management of these risks and threats and is informed by applicable laws, regulations, industry standards, and best practices. We continue to invest in information security resources to mature, expand, and adapt our capabilities to address emerging cybersecurity risks and threats.

 

Our information security organization is committed to maintaining a robust and resilient security posture that enables us to protect our assets, maintain our stakeholders' trust, and support our business's overall success.

 

Cybersecurity Risk Management and Strategy

 

Our cybersecurity risk management and strategy are integral components of our comprehensive information security program. They guide our continuous efforts to evaluate and improve the confidentiality, integrity, and availability of our critical systems, data, and operations.

 

We have adopted an Information Security Policy (the “Info-Sec Policy”) and an Incident Response Plan (the “Response Plan”) that establish administrative, physical, and technical controls and procedures to protect sensitive data throughout the Company. These policies also outline processes to assess, identify, manage, and report cybersecurity risks and incidents. The Info-Sec Policy applies to all persons working for the Company and any third parties working with us in any capacity.

 

Our approach to controls and risk management is informed by applicable laws and regulations, as well as industry standards and best practices. These serve as a guide to help us identify, assess, and manage cybersecurity controls and risks relevant to our business.

 

Our cybersecurity risk management program includes:

 

1. Identifying cybersecurity risks that could impact our facilities, third-party vendors/partners, operations, critical systems, information, and broader enterprise information technology environment. Risks are informed by threat intelligence, current and historical adversarial activity, and industry-specific threats;

2. Performing cybersecurity risk assessments to evaluate our readiness if the risks were to materialize;

3. Ensuring risk is addressed and tracking any necessary remediation through an action plan;

4. Analyzing all third-party vendors for compliance with our internal Info-Sec Policy to assess potential risks associated with their security controls. We generally require third parties to maintain security controls, notify us promptly of any data breach or cybersecurity incident that may impact our data, and provide written assurance of corrective actions; and

5. Engaging and utilizing a comprehensive suite of security solutions, including enterprise mobility management, endpoint protection, secure file transfer, and security information and event management to monitor and actively respond to cybersecurity threats. These solutions work together to secure our endpoints, protect against malware, ensure the safe transfer of files, and provide our cybersecurity team with the functionality to build alerts on specific use cases that are important and unique to our business.

 

 

 

Cybersecurity Governance

 

Our Board oversees cybersecurity risk as part of its overall risk oversight function. Our information technology department (the “IT Department”), which functions as our Information Security Advisory Team, is responsible for managing our information security program and implementing cybersecurity risk management practices. The IT Department is led by our Chief Technology Officer and Chief Information Officer, who oversee our cybersecurity strategy and ensure its alignment with business objectives.

 

The IT Department collaborates with various stakeholders across the organization to identify, assess, and mitigate cybersecurity risks. They regularly monitor and adapt our information security program to address the evolving threat landscape.

 

In the event of a cybersecurity incident, the IT Department promptly reports the matter to the Executive Committee, which consists of our senior leadership team. The Executive Committee is responsible for assessing the severity and potential impact of the incident and determining the appropriate course of action. The Executive Committee keeps the Board informed of significant cybersecurity incidents and provides updates on the overall status of our cybersecurity program as needed.

 

This governance structure ensures that cybersecurity risks are effectively managed by the IT Department, with oversight from the Executive Committee and the Board. It maintains clear lines of communication and accountability, enabling timely decision-making and response to cybersecurity matters.

 

In 2023, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. However, despite our efforts, we may not successfully eliminate all risks from cybersecurity threats and can provide no assurance that undetected cybersecurity incidents have not occurred.

 
