AIM ImmunoTech Inc. - (AIM)

10-K Filing Date: March 30, 2024
ITEM 1C. Cybersecurity.

 

We maintain a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats.

 

We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes. We routinely assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein.

 

We conduct periodic risk assessments to identify cybersecurity threats, as well as assessments in the event of a material change in our business practices that may affect information systems that are vulnerable to such cybersecurity threats. These risk assessments include identification of reasonably foreseeable internal and external risks, the likelihood and potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks. Following these risk assessments, we re-design, implement, and maintain reasonable safeguards to minimize identified risks; reasonably address any identified gaps in existing safeguards; and regularly monitor the effectiveness of our safeguards.

 

We engage consultants or other third parties in connection with our risk assessment processes. These service providers assist us in designing and implementing our cybersecurity policies and procedures, as well as in monitoring and testing our safeguards. We have not encountered cybersecurity challenges that have materially impaired our operations or financial standing.

 

Our management team, in conjunction with third-party IT and cybersecurity service providers, is responsible for oversight and administration of our cyber risk management program, and for informing senior management and other relevant stakeholders regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our management team has prior experience selecting, deploying, and overseeing cybersecurity technologies, initiatives, and processes directly or via selection of strategic third-party partners, and relies on threat intelligence as well as other information obtained from governmental, public, or private sources, including external consultants engaged by us for strategic cyber risk management, advisory and decision making. Our Audit Committee assists management in oversight and administration of our cyber risk management program.

 

We have an annual assessment of our cyber risk management program performed by a third-party specialist. The annual risk assessment identifies, quantifies, and categorizes material cyber risks. In addition, in conjunction with the third-party cyber risk management specialists, we develop a risk mitigation plan to address such risks and, where necessary, remediate potential vulnerabilities identified through the annual assessment process.

 

We face risks from cybersecurity threats that could have a material adverse effect on our business, financial condition, results of operations, cash flows or reputation. We acknowledge that the risk of cyber incidents is prevalent in the current threat landscape and that a future cyber incident may occur in the normal course of our business. However, prior cybersecurity incidents have not had a material adverse effect on our business, financial condition, results of operations, or cash flows. We proactively seek to detect and investigate unauthorized attempts and attacks against IT assets, data, and services, and to prevent their occurrence and recurrence where practicable through changes or updates to internal processes and tools and changes or updates to our service delivery; however, potential vulnerabilities to known or unknown threats will still remain. Further, there is increasing regulation regarding responses to cybersecurity incidents, including reporting to regulators, investors, and additional stakeholders, which could subject us to additional liability and reputational harm. In response to such risks, we have implemented initiatives such as implementation of the cybersecurity risk assessment process and development of an incident response plan. See Item 1A. “Risk Factors” for more information on our cybersecurity risks.

 
