Intellicheck, Inc. - (IDN)

10-K Filing Date: April 01, 2024
Item 1C. Cybersecurity
We have established procedures for evaluating, recognizing, and handling significant risks stemming from potential unauthorized events occurring on or through our electronic information systems, which could negatively impact the confidentiality, integrity, or accessibility of our information systems or the data stored within them. These procedures encompass a diverse range of mechanisms, controls, technologies, systems, and other processes aimed at preventing, detecting, or mitigating data breaches, theft, misuse, unauthorized access, or any other security incidents or vulnerabilities affecting digitally stored data. This data comprises confidential, business, and personal information that we gather, process, store, and transmit as part of our operations, including on behalf of third parties. Furthermore, we utilize systems and procedures intended to minimize the repercussions of a security incident involving a third-party vendor or customer. Additionally, we employ procedures to supervise and identify significant risks arising from cybersecurity threats linked to our utilization of third-party technology and systems, such as encryption and authentication systems, employee email services, back-office support systems, and other operational functions.
We adhere to a risk management framework based on applicable laws and regulations, incorporating industry standards and recognized practices to handle cybersecurity risks across our products, services, infrastructure and corporate
18

assets. To evaluate and address cybersecurity threats, we analyze factors such as threat intelligence, first- and third-party vulnerabilities, changing regulatory requirements and observed incidents. We regularly conduct risk assessments to gauge the effectiveness and maturity of our systems, identifying areas for improvement. We also engage third-party security experts and consultants to assist with assessment and enhancement of our cybersecurity risk management processes, as well as benchmarking against industry practices. We also maintain a privacy risk management program to assess risks related to user data collection, with an independent third-party privacy assessor to ensure compliance. These processes enable us to make informed, risk-based decisions and prioritize cybersecurity measures and risk mitigation strategies. Our risk mitigation efforts encompass a range of technical and operational actions, alongside annual cybersecurity and privacy training for all staff members.
Our cybersecurity risks and associated mitigations are evaluated by our IT team, including our VP of Technology Operations and Information Security, as part of our enterprise risk assessments that are reviewed by our management team. Our management team supervises efforts to prevent, detect, mitigate and remediate cybersecurity risks and incidents, which include: internal briefings from relevant personnel; threat intelligence and other information obtained from governmental, public or private sources, including external cybersecurity consultants; and alerts and reports produced by security tools deployed in our IT environment. However, we cannot guarantee that our efforts will prevent any cybersecurity incident from occurring.
In 2023, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats. For additional information about these risks, see Part I, Item 1A, "Risk Factors" in this Annual Report on Form 10-K.