Horizon Technology Finance Corp 10-K Cybersecurity GRC - 2024-02-27

Page last updated on April 11, 2024

Horizon Technology Finance Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-27 16:31:09 EST.

Filings

10-K filed on 2024-02-27

Horizon Technology Finance Corp filed an 10-K at 2024-02-27 16:31:09 EST
Accession Number: 0001437749-24-005719

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We have processes in place to assess, identify, and manage material risks from cybersecurity threats. Our business is dependent on the communications and information systems of our Advisor and other third-party service providers. Our Advisor manages our day-to-day operations and has implemented a cybersecurity program that applies to us and its operations. Cybersecurity Program Overview Our Advisor has instituted a cybersecurity program designed to identify, assess, and mitigate cyber risks applicable to us. The cyber risk management program involves risk assessments, implementation of security measures, and ongoing monitoring of systems and networks, including networks on which we rely. Our Advisor actively monitors the current threat landscape in an effort to identify material risks arising from new and evolving cybersecurity threats, including material risks faced by us. Our Advisor has identified a Cyber Incident Response Team, or Response Team, who is responsible for providing appropriate oversight, strategic direction, and decision making for an event that potentially could cause a material impact to the business. The Response Team includes the Chief Financial Officer, Chief Compliance Officer and General Counsel, and our Vice President of Operations and these individuals are responsible for coordinating the incident response, including any required notification to the Audit Committee or Board of Directors. We rely on our Advisor to engage external experts, including cybersecurity assessors, consultants, and auditors to evaluate cybersecurity measures and risk management processes, including those applicable to us. We rely on our Advisor s risk management program and processes, which include cyber risk assessments. We depend on and engages various third parties, including suppliers, vendors, and service providers, to operate its business. We rely on the expertise of risk management, legal, information technology, and compliance personnel of our Advisor when identifying and overseeing risks from cybersecurity threats associated with our use of such entities. Board Oversight of Cybersecurity Risks Our Board provides strategic oversight on cybersecurity matters, including risks associated with cybersecurity threats. Our Board receives periodic updates from our Response Team regarding the overall state of our Advisor s cybersecurity program, information on the current threat landscape, and risks from cybersecurity threats and cybersecurity incidents impacting us . Management’s Role in Cybersecurity Risk Management Our management, including our Response Team, is responsible for assessing and managing material risks from cybersecurity threats. Our management continuously assess, meet and prioritize cybersecurity risks and actions taken to mitigate these risks. Members of our management possess relevant expertise in various disciplines that are key to effectively managing such risks. We leverage the resources of Monroe Capital, including the Head of Information Technology, who provides resources and expertise to assist us in our cybersecurity program. Our management is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents impacting us, including through the receipt of notifications from service providers and reliance on communications with risk management, legal, information technology, and/or compliance personnel of our Advisor. 63 Table of Contents Assessment of Cybersecurity Risk In the past three years, we have not experienced a material cybersecurity breach and the potential impact of risks from cybersecurity threats on us are assessed on an ongoing basis, and how such risks could materially affect our business strategy, operational results, and financial condition are regularly evaluated. During the reporting period, we have not identified any risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that we believe have materially affected, or are reasonably likely to materially affect, us, including its business strategy, operational results, and financial condition.

Company Information