Mentor Capital, Inc. - (MNTR)

10-K Filing Date: April 01, 2024
Item 1C. Cybersecurity. 

 

We have not experienced a material cybersecurity incident that has jeopardized the confidentiality, integrity, or availability of information systems or information residing in such information systems as defined under 17 C.F.R. § 229.106(a). If such an incident were to occur, we would work expeditiously to mitigate our damages as soon as such an incident is detected by implementing our risk management and cybersecurity plan in concert with our established cybersecurity response team. A cybersecurity incident would be reported to the Company’s Chairman of the Board and our general counsel, who would determine whether such incident or event was material. If such an incident or event is material, it would be reported to our Board of Directors and Audit Committee.

 

The Company maintains cybersecurity risk management, disaster readiness, and business continuity plans to anticipate potential threats and mitigate the probability of cybersecurity risks by establishing alerts, preemptive measures, and cybersecurity response protocols. We have set up information technology risk management alert programs that are routinely received and reviewed by management and our information technology professionals. We have implemented protocols and procedures to protect the privacy, safety, and security of our data and information technology. We routinely assess our cybersecurity risk while working in consultation with our information technology professionals. In addition to alerts, our information technology professionals provide risk management monitoring and support along with twenty-four-hour dedicated support for the Company. They possess expertise across multiple industries, including support of Department of Defense contractors in the United States. The Company does not share confidential information with third parties unless required by law. In such instances, the Company utilizes encryption methods to protect confidential information. The Company ensures that such information is given to such third parties in a responsible manner that would not disclose such confidential information to unintended recipients. Due to the nature of the Company’s operations, the instance of the Company’s receipt of confidential information is minimal, infrequent, and immaterial.

 

Our cybersecurity disaster readiness plan is implemented and managed by our assistant corporate secretary, who reports to the Chairman of the Board of Directors. Management oversees our cybersecurity risk and our disaster recovery and business continuity plan in order to consider, mitigate, and plan for the preemption of cybersecurity risks that may arise. Our assistant corporate secretary was formerly responsible for information technology, risk management, and cybersecurity at an Am Law 100 law firm in San Diego. She authored and implemented the firm’s disaster readiness and business continuity protocols and managed the firm’s information technology operations prior to her implementation of these similar risk management protocols at the Company in consultation with cybersecurity experts for the purpose of mitigating the Company’s risk and ensuring best practices. Our assistant corporation secretary is responsible for reporting risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, to the Chairman of the Board and our general counsel for consideration. The Chairman of the Board determines the necessity of discussing cyber risks. Material incidents would be reported to the Board of Directors and the Audit Committee.

 

11
 

 

The Company’s business strategy, results of operations, and financial condition have not been materially affected by risks from cybersecurity threats, and we have not experienced any material cybersecurity incidents. Our ability to manage our cybersecurity risks does not allow us to predict our cybersecurity vulnerability to ordinary, novel, or sophisticated cyber-attacks and cyber warfare threats in the future. As a result, we cannot provide future assurances that we will not be materially affected by cybersecurity risks or material cybersecurity incidents in the future. For more information on the risks that the Company faces, including cybersecurity-related risks, see our Item 1A Risk Factors section of this Annual Report on Form 10-K.