GENCO SHIPPING & TRADING LTD 10-K Cybersecurity GRC - 2024-02-27

Page last updated on April 11, 2024

GENCO SHIPPING & TRADING LTD reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-27 16:53:11 EST.

Filings

10-K filed on 2024-02-27

GENCO SHIPPING & TRADING LTD filed an 10-K at 2024-02-27 16:53:11 EST
Accession Number: 0001558370-24-001857

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Our Board of Directors oversees our risk management process, including risks from cybersecurity threats. Our Board of Directors reviews strategic risk exposure, and members of our management are responsible for addressing the material risks we face on a day-to-day basis. Our Board of Directors administers its cybersecurity risk oversight function directly as a whole as well as through our Audit Committee. Our Board and our Audit Committee receive updates from time to time from our management as appropriate on cybersecurity. Our Chief Financial Officer, our Internal Audit Director and our external Information Technology department are primarily responsible to assess and manage material risks from cybersecurity threats and oversee key cybersecurity policies and processes. They are informed about policies and processes to monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents. The Chief Information Manager of our Information Technology department has 35 years of experience in the design, implementation, and support of information technology infrastructures with significant expertise in information technology forensics. He is assisted by two network engineers with 26 years of information technology experience with a focus on information technology forensics. Network and information systems and other technologies play an important role in our business activities. We also obtain certain confidential, proprietary and personal information about our charterers, personnel, and vendors. To protect our data, we have employed cybersecurity protocols which are designed to work in tandem with internal controls to safeguard our information technology environment. Our information technology infrastructure is designed with commercial flexibility, data integrity, and safety in mind. We utilize a layered approach of systems and policies intended to provide a secure operating environment and promote business continuity. Our hardware and software systems are equipped with technology intended to offer access and intrusion protection, software and communications systems protections, and mitigate cybersecurity threats. We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes. We routinely assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information maintained in them. 39 Table of Contents We conduct regular risk assessments to identify cybersecurity threats. These risk assessments include identifying reasonably foreseeable potential internal and external risks, the likelihood of occurrence and any potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, controls, and other safeguards in place to manage such risks. As part of our risk management process, we may engage third party experts to help identify and assess risks from cybersecurity threats. For example, an outside consulting firm conducts a National Institute of Standards and Technology and International Organization for Standardization based cybersecurity capability maturity assessment every two years, which is reviewed with our Chief Financial Officer. We also perform penetration tests, data recovery testing, security audits and risk assessments throughout the year. We hold online cybersecurity trainings for our employees. Our risk management process also encompasses cybersecurity risks associated with our use of third-party service providers. Following these risk assessments, we design, implement, and maintain safeguards intended to minimize the identified risks; address any identified gaps in existing safeguards; update existing safeguards as necessary; and monitor the effectiveness of our safeguards. The Company also maintains a cyber liability insurance policy. See Item 1 Business Insurance Cyber Liability Insurance in this report. While we develop and maintain protocols, controls, and systems, that seek to prevent cybersecurity incidents from occurring, we must constantly monitor and update these protocols, controls, and systems in the face of sophisticated and rapidly evolving attempts to overcome them. The occurrence of cybersecurity incidents could cause a variety of material adverse impacts on our business, although no such incident has had any such impact to date. For additional information regarding whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, please refer to Item 1A, Risk Factors, in this report, including the risk factor entitled Security breaches and other disruptions to our information technology infrastructure could interfere with our operations and expose us to liability. and Item 1, Business Environmental and Other Regulations - Safety Management System Requirements in this report.

Company Information