COMSTOCK RESOURCES INC 10-K Cybersecurity GRC - 2024-02-16

Page last updated on April 11, 2024

COMSTOCK RESOURCES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-16 17:07:46 EST.

Filings

10-K filed on 2024-02-16

COMSTOCK RESOURCES INC filed an 10-K at 2024-02-16 17:07:46 EST
Accession Number: 0000950170-24-016532

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We face various cybersecurity threats that could adversely affect our business, financial condition, and results of operations. We have implemented processes and procedures to assess, identify, and manage these risks, as well as to respond to and mitigate the impact of any potential or actual cybersecurity incidents to our information systems and the information residing therein. Our processes for assessing and identifying cybersecurity risks include regular network security assessments, vulnerability scans, penetration tests, and audits of our information systems, as well as monitoring and analysis of network activity and threat intelligence. We engage third-party service providers to assist us with some of these activities. We also have processes to oversee and identify cybersecurity risks associated with our use of third-party service providers, such as conducting due diligence, reviewing contracts, and verifying compliance with security standards and best practices. Our cybersecurity risk management processes have been integrated into our enterprise risk framework, which identifies, aggregates, and evaluates risks across the enterprise. We identify our enterprise risks through each member of our management team, along with counsel from our internal auditors and attorneys and we present an assessment of our enterprise risks to our board of directors on an annual basis. Our information technology management plays an integral part in the identification and communication of cybersecurity risks to our management team. 29 COMSTOCK RESOURCES, INC. Despite our efforts, there is the ever-present risk that our systems and/or data will suffer a successful cyber incident such as unauthorized access, use, disclosure, modification, or destruction by hackers, cybercriminals, state-sponsored actors, insiders, or other malicious actors. We have experienced attempts to compromise our systems and/or data. These attempts included phishing attacks, malware infections, and unauthorized access attempts. We do not believe that these attempts, if successful, would have resulted in a material adverse effect on our business, financial condition, or results of operations. We continue to be diligent in preventing, detecting, and responding to a cyber incident. However, we cannot guarantee that we will not suffer cybersecurity incidents in the future, which could result in: Loss of or damage to our data, intellectual property, or other proprietary or confidential information; Interruption or degradation of our operations, services, or systems availability; Compromise or corruption of our data or systems integrity; Reputational harm or loss of customer trust or confidence; Legal liability, regulatory fines, penalties, or sanctions; Remediation or mitigation costs, such as increased security expenditures, investigation expenses, or litigation fees; Increased insurance premiums or difficulty in obtaining adequate insurance coverage; or Other negative consequences. Any of these outcomes could have a material adverse effect on our business, financial condition, or results of operations. The Audit Committee of our Board of Directors provides oversight over our cybersecurity risk management and strategy. The committee receives updates from our information technology management and external advisors on our cybersecurity posture, initiatives, and incidents on an annual or as needed basis. Our information technology department is responsible for assessing and managing our cybersecurity risks on a day-to-day basis and their processes for managing cybersecurity risks include implementing and maintaining security controls, policies, and procedures to protect our information systems and the information residing therein. They also provide periodic awareness notifications to our employees and contractors on cybersecurity best practices and their roles and responsibilities. In addition, we have established an incident response plan to coordinate our response to and recovery from any cybersecurity incidents. Our Director of Information Technology has over 20 years of experience in managing organizations in the energy and telecom industries. We also have a Certified Information Systems Security Professional, who has eight years of experience in cyber and information security.

Company Information