YUNHONG GREEN CTI LTD. - (YHGJ)
10-K Filing Date: March 29, 2024
Our business is subject to risk from cybersecurity threats and incidents, including attempts to gain unauthorized access to our systems and networks, or those of our managers, venture partners and third-party vendors and service providers, to disrupt operations, corrupt data or steal confidential or personal information and other cybersecurity breaches. We consider cybersecurity risk a threat to our assets and thus have put processes in place designed to mitigate the risk and impact of any such cybersecurity threat or incident.
Risk Management and Strategy
As part of our cybersecurity risk management process, we:
● Research and consider recommendations and “best practices” in the field, including procedures with respect to evaluation and monitoring of cybersecurity threats and incidents;
● Consider whether and when to engage third-party security firms to monitor and respond to cybersecurity threats and incidents, including those associated with our use of third-party vendors and service providers, and conduct periodic penetration tests with the aim of identifying and remediating vulnerabilities.
● Periodically evaluate and assess cybersecurity risks, including those associated with our use of key third-party business partners, vendors and service providers. We do not control the cybersecurity plans and systems put in place by such third parties and we may have limited contractual protections with such third parties, such as indemnification obligations to us, which could cause us to be negatively impacted as a result;
● Provide employees with the training, tools and resources designed to protect the Company from cybersecurity threats and incidents and to identify and report such threats and incidents. Our employees receive training and reminders on cybersecurity protocols throughout the year; and
● Seek to minimize the amount of personal information collected to support business needs and use storage and transfer protocols leveraging encryption of critical information, including confidential or personal information.
Our processes for assessing, identifying, and managing material risks from cybersecurity threats and incidents are integrated into our process, which includes direct participation with personnel from our senior leadership team. Existing risks are evaluated for changes, and mitigation strategies are discussed as needed. New risks are discussed and evaluated for consideration as a top risk. Results are discussed with our Board of Directors on an as needed basis.
The Company has not identified any cybersecurity threats or incidents that have materially affected or are reasonably likely to materially affect the Company, including with respect to our business strategy, results of operations, or financial condition. While we have implemented measures designed to help mitigate the risk from cybersecurity threats and incidents, we cannot guarantee that we or our tenants, managers or business partners will be successful in preventing a cybersecurity incident, which could result in a data center outage, disrupt our systems and operations or the systems and operations of our tenants, managers or business partners, compromise the confidential or personal information of our employees or partners, which could damage our business relationships and reputation. Although we have implemented various measures designed to manage risks relating to these types of events, these measures and the systems supporting them could prove to be inadequate and, if compromised, could become inoperable for extended periods of time, cease to function properly or fail to adequately secure confidential or personal information. See “Risk Factors—Our Legal, Compliance and Regulatory Risks—The occurrence of cybersecurity incidents could disrupt our operations or the operations of the third parties with whom we do business, invest in or lend to, result in the loss of confidential or personal information or damage our or their business relationships and reputation. included in Part I, Item 1A of this Annual Report.
Governance
Our Board of Directors, directly and through its committees, routinely discusses significant enterprise risks with management and reviews the procedures we have in place designed to manage those risks. At Board and committee meetings, directors engage in analyses and dialogue which can include any aspect of business risk. In addition to the overall risk oversight function administered directly by our Board, the Audit and Compliance Committee of our Board also exercises oversight over managing the Company’s cybersecurity risks.
Management has primary responsibility for identifying, assessing and managing our exposure to cybersecurity threats and incidents, subject to oversight by our Board of Directors of the processes we establish to assess, monitor and mitigate that exposure.
10 |
If a potentially material cybersecurity threat or incident is identified or discovered, the Company’s Management Team will notify relevant business executives, the Board of Directors, Legal Counsel, and other relevant entities. Our Chief Executive Officer, or that person’s designated representative, will work with the appropriate leaders and employees in any impacted business groups, as well as appropriate personnel in our finance, legal and potentially impacted departments, to assess the risks to the Company and potential impact while determining appropriate remediation steps.
If management determines that a cybersecurity threat or incident could be material to the Company, our management will notify the Audit Committee, and to our full Board of Directors.