Eagle Bulk Shipping Inc. 10-K Cybersecurity GRC - 2024-03-04

Page last updated on April 11, 2024

Eagle Bulk Shipping Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-04 17:22:16 EST.

Filings

10-K filed on 2024-03-04

Eagle Bulk Shipping Inc. filed an 10-K at 2024-03-04 17:22:16 EST
Accession Number: 0001628280-24-008576

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY The Company maintains an Information Security Program which is designed to ensure the confidentiality, integrity, and availability of all data and systems across the organization. We have developed a system of processes and controls to mitigate risks and respond effectively to security incidents. Key components of our Information Security Program include: Risk Management: We conduct regular risk assessments to identify, evaluate, and prioritize potential threats and vulnerabilities. Based on our understanding of the risk landscape relevant to the Company, we have implemented targeted controls and allocated resources to mitigate risks to an acceptable level. Policies and Procedures: Our Information Security Program is supported by a set of clear and enforceable policies and procedures. These documents outline standards for data handling, access control, password management, incident response, and other critical security practices. We regularly review and update our policies and procedures to ensure alignment with industry best practices and regulatory requirements. Access Control: We enforce strict access controls, which include role-based least-privileged access, strong authentication methods and regular access reviews to limit system and data access to authorized personnel only. Security Awareness Training: We believe that our employees are our first line of defense against cyber threats. We provide comprehensive security awareness training programs to educate staff about common risks, phishing attacks, social engineering tactics, and best practices for maintaining a secure information technology environment. We also provide security updates and alerts to keep our employees informed of active and emerging external cybersecurity threats. Technical Controls: Our Information Security Program incorporates a layered approach to technical controls. This includes firewalls, intrusion detection and prevention systems, endpoint protection, encryption mechanisms, and continuous monitoring tools to detect and respond to security incidents in real-time. Incident Response and Business Continuity: Despite our proactive measures, we recognize that security incidents may still occur. Therefore, we maintain a robust incident response plan, detailing procedures for detecting, analyzing, containing, and recovering from security breaches. Additionally, we have comprehensive business continuity and disaster recovery plans in place to ensure minimal disruption to our operations in the event of a cybersecurity incident. Compliance and Auditing: Our Information Security Program is designed to comply with relevant regulations and industry standards. We undergo regular internal and external audits to assess our adherence to these requirements and demonstrate our commitment to maintaining a strong security posture. 55 Our Information Security Program is led by our Director of Global Information Technology, who has over 20 years of relevant educational and technical experience. The Board of Directors oversees our annual enterprise risk assessment, where we assess key risks within the company, including security and technology risks and cybersecurity threats. We have integrated cybersecurity risk into our disclosure controls and procedures. The Audit Committee of the Board of Directors regularly reviews and discusses with management risks related to our information systems, information security, data privacy and cybersecurity risks and the Company s risk assessment and risk management programs and the steps management has taken to monitor and control such exposures. The Audit Committee also receives, at least quarterly, updates from the Director of Global Information Technology and senior management regarding material information regarding the Company s information systems, information security, data privacy and cybersecurity. We continuously monitor emerging threats, evaluate new technologies, and refine our security practices to manage evolving risks. Through regular assessments, audits, and feedback mechanisms, we strive for continuous improvement in our Information Security Program to better protect our assets and maintain the trust of our stakeholders. As of the date of this report, there have been no cybersecurity threats that have materially affected or are reasonably likely to materially affect our business, operations, or financial condition. However, we are regularly the target of attempted cyber intrusions, and we anticipate continuing to be subject to such attempts. Our security programs and measures do not prevent all intrusions. Cyber intrusions require a significant amount of time and effort to assess and remedy, and our incident response efforts may not be effective in all cases. Although we believe that the probability of occurrence of a significant cybersecurity incident is less than likely, if such an incident were to occur, the impact on the Company could be substantial. See Item 1A. Risk Factors - Cybersecurity incidents or other security breaches involving our computer systems or the systems of one or more of our vendors could materially and adversely affect our business.

Company Information