AmpliTech Group, Inc. - (AMPG)

10-K Filing Date: April 01, 2024
ITEM 1C. CYBERSECURITY

 

Cybersecurity Risk Management and Strategy

 

The Company depends on the proper functioning, availability and security of its information systems, including financial, data processing, communications and operating systems. Several information systems are software applications provided by third parties. Although risks from cybersecurity threats have to date not materially affected, and we do not believe they are reasonably likely to materially affect, us, our business strategy, results of operations or financial condition, like other companies in our industry, we could, from time to time, experience threats and security incidents related to our and our third-party vendors’ information systems, including attempts to gain unauthorized access to our confidential data, and other electronic security breaches. Such cybersecurity attacks can range from individual attempts to gain unauthorized access to our information technology systems to more sophisticated security threats. While we employ a number of measures to prevent, detect and mitigate these threats, there is no guarantee such efforts will be successful in preventing a cybersecurity attack. A cybersecurity attack could compromise the confidential information of our employees, customers and vendors. A successful cybersecurity attack could disrupt and otherwise adversely affect our business operations.

 

Assessment, identification and management of cybersecurity related risks are integrated into our overall risk management process. Cybersecurity related risks are included in the risk universe we evaluate to assess top risks to the Company at least annually. To the extent our processes identify a heightened cybersecurity related risk, risk owners are assigned to develop risk mitigation plans, which are then tracked to completion.

 

Cybersecurity Governance

 

Our Board of Directors considers cybersecurity risk as part of its risk oversight function and has delegated oversight of cybersecurity risk strategy and governance and of other information technology risks to the Audit Committee of the Board of Directors (the “Audit Committee”). The Audit Committee reports to the full Board of Directors regarding its activities, including those related to cybersecurity. Senior management, including the Company’s Chief Executive Officer, Chief Financial Officer and Chief Operating Officer, is responsible for assessing and managing cybersecurity risk, and provides briefings regarding the assessment and management of such risk to the Audit Committee, which then reports, as necessary, to the Board of Directors.

 

Although members of our senior management do not have direct cybersecurity expertise obtained through certifications, their experience managing the Company, which includes consulting and coordinating as necessary with in-house information-technology specialists, enables them to effectively assess and manage material risks from cybersecurity threats.

 

The Company relies on in-house information-technology specialists to assist in managing relevant risks. Any cybersecurity incident would be reported promptly to management and material and potentially material incidents would be assessed by management and the Audit Committee for remediation and future prevention and detection.

 

The Company, at least annually, updates its policies or procedures that could help mitigate cybersecurity risks. Notwithstanding the extensive approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. The Company has incorporated cybersecurity coverage in its insurance policies; however, there is no assurance that the insurance the Company maintains will cover all cybersecurity breaches or that policy limits will be sufficient to cover all related losses.