Urgent.ly Inc. - (ULY)

10-K Filing Date: March 29, 2024
Item 1C. Cybersecurity.

At Urgently, we understand the paramount importance of cybersecurity in safeguarding our operational integrity, customer information, and proprietary data. Our commitment to cybersecurity excellence involves a comprehensive approach to risk management and the continual enhancement of our cybersecurity protocols to address the dynamic nature of cyber threats.

Board Oversight and Cybersecurity Governance

Our cybersecurity strategy is anchored in a governance structure with board-level oversight. The Board of Directors plays a critical role in guiding our corporate governance, our cybersecurity posture, ensuring that cybersecurity risks are adequately evaluated and managed in alignment with our business objectives. To this end, the Board will receive periodic updates on our cybersecurity initiatives, risk management practices, and incident response measures. This oversight ensures that cybersecurity remains a top priority at the executive level and that strategic decisions reflect our commitment to safeguarding our digital assets.

The Board is supported by and will receive reports from the Cybersecurity Risk Committee, a specialized group that includes senior executives and departmental representatives from information technology, legal, human resources, and operations. This committee is charged with the development of cybersecurity policies, evaluation of defense mechanisms, and oversight of the company’s response to cyber incidents.

Our Cybersecurity Risk Committee is led by our CISO and our Director of Cyber Security and Compliance. These two individuals have decades of experience in designing, implementing, and managing cyber security risk programs. They are experts in the assessment, identification, and management of cybersecurity risk. Our Cybersecurity Risk Committee members receive updates about our security from our information technology and security teams, stay abreast of industry trends and regulations, and regularly inform management of various cybersecurity risks, trends, threats, and countermeasure techniques.

Cybersecurity Risk Management Program

Our Cybersecurity Risk Management Program is informed by the Center for Internet Security (CIS) Controls version 18. The CIS Controls offer a strategic framework that directs our implementation of effective cybersecurity defenses across 18 critical areas, ranging from asset management to data protection and network security.

A cornerstone of our cybersecurity governance is the annual performance of comprehensive cybersecurity risk assessments. These assessments evaluate our defenses against the latest cyber threats and vulnerabilities and support our preparedness to respond to evolving cyber risks. The insights gained from these assessments inform our ongoing efforts to review and refine our cybersecurity strategies, policies and defense mechanisms. As a core component of our risk management process, all employees are required to participate in annual information security training.

40


 

We engage third parties annually to evaluate our information security posture, risks, and third-party service provider solutions as part of our overall enterprise risk management activities. The company maintains an inventory of vendors and third-party providers and evaluates those providers for risks annually at a minimum.

Cybersecurity Incidents and Responses

We have not experienced cybersecurity incidents that have materially affected our company, our business strategy, our results of operations, or our financial condition. However, we continue to face cybersecurity risks and recognize that we must remain vigilant against known and evolving threats. For additional detail about our cybersecurity risks and whether any such risks are reasonably likely to materially affect our company, please see the discussion in Item 1A, “Risk Factors.”

Our commitment to cybersecurity resilience includes an ongoing monitoring program and a well-defined incident response plan that provides clear guidelines for mitigating the impact of any future cyber threats and incidents. These processes are periodically reviewed and updated to address emerging threat intelligence.

Future Directions

Urgently will continue to invest in cybersecurity technologies, enhance our staff training programs, and foster collaborations with cybersecurity experts. Our board-driven, proactive approach to cybersecurity risk management is integral to our mission of delivering value to our customers, employees, and shareholders, safeguarding our reputation, and ensuring the long-term success of our company.