VerifyMe, Inc. - (VRME)

10-K Filing Date: March 29, 2024

ITEM 1C. CYBERSECURITY.

Risk Management and Strategy

Cyber criminals are becoming more sophisticated and effective every day, and they are increasingly targeting enterprise software companies. All companies utilizing technology are subject to threats of breaches of their cybersecurity programs. To mitigate the threat to our business, we have begun to establish a comprehensive approach to cybersecurity risk management and hold securing the data customers and other stakeholders entrust to us as one of our top priorities. As described in more detail below, we have established policies, standards, processes and practices for testing, training, and monitoring material risks from cybersecurity threats. We have devoted financial and personnel resources to implement security measures to meet regulatory requirements and customer expectations, and we intend to continue to make investments to maintain the security of our data and cybersecurity infrastructure. There can be no guarantee that our policies and procedures will be properly followed in every instance or that those policies and procedures will be effective. Although our Risk Factors include further detail about the material cybersecurity risks we face, we believe that risks have not materially affected our business to date. We can provide no assurance that there will not be incidents in the future or that they will not materially affect us, including our business strategy, results of operations, or financial condition.

 

We are in the process of establishing controls and procedures designed to ensure prompt escalation of material cybersecurity incidents so that decisions regarding public disclosure and reporting of such incidents can be made by management and the Board in a timely manner. We intend to continue to review and enhance our incident response and recovery plan for the Company. Our policies require each of our employees to contribute to our data security efforts. We regularly remind employees of the importance of handling and protecting customer and employee data, including through annual privacy and security training to enhance employee awareness of how to detect and respond to cybersecurity threats. Our incident response and recovery plans and policies will address — and guide our employees, management and the Board on our response to a cybersecurity incident.

 

Our cybersecurity policies, standards, processes and practices are also assessed by third party cybersecurity providers. These assessments include a variety of activities including information security maturity assessments, audits and independent reviews of our information security control environment and operating effectiveness.

 

Governance

 

Our Board of Directors is responsible for monitoring and assessing strategic risk exposure related to cybersecurity risks, and our executive officers are responsible for the day-to-day assessment and management of the material risks we face. Our Board of Directors administers its cybersecurity risk oversight function directly as a whole.

 

Currently, Jack Wang, our chief information officer of our subsidiary PeriShip Global, has primary responsibility for managing material cybersecurity risks over our Precision Logistics Segment while Paul Ryan, Executive Vice President, Authentication Segment, has the primary responsibility for assessing and managing material cybersecurity risks over our Authentication Segment. Mr. Wang holds an undergraduate and master’s degree in computer science. Our CIO has served in various roles in information technology and security for over 20 years. Mr. Ryan has 30 years of experience in global software and technology businesses. Both Mr. Wang and Mr. Ryan are responsible for reporting any cybersecurity related incidents to our executive officers. Our executive officers are responsible for reporting material cybersecurity related incidents to our Board of Directors. We intend to review our current reporting structure and may implement other structures governing the day-to-day management and reporting of cybersecurity risks.