KINGSWAY FINANCIAL SERVICES INC 10-K Cybersecurity GRC - 2024-03-05

Page last updated on April 11, 2024

KINGSWAY FINANCIAL SERVICES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-05 16:48:29 EST.

Filings

10-K filed on 2024-03-05

KINGSWAY FINANCIAL SERVICES INC filed an 10-K at 2024-03-05 16:48:29 EST
Accession Number: 0001437749-24-006644

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Identifying, assessing, and managing material cybersecurity risks is an important component of our overall enterprise risk management program. Given our company structure, the management of cybersecurity risks involves coordination between the parent company and our subsidiaries. Senior IT leadership at the parent company and each subsidiary are responsible for developing cybersecurity programs appropriate for their respective entities, including as may be required by applicable law or regulation. The parent company has issued an IT policy that is required to be adhered to by each subsidiary, and such policy is reviewed and updated annually. It is the responsibility of each subsidiary to communicate any items required by the IT policy to the parent company. The parent company and each of our subsidiaries are responsible for assessing and identifying material risks from cybersecurity threats, as each entity has their own unique IT infrastructure. However, based on experience, cybersecurity threats, including those resulting from any previous cybersecurity incidents, have not materially affected our Company and are not reasonably likely to materially affect our Company, including our business strategy, results of operations, or financial condition. We have various processes for managing and mitigating risks from cybersecurity threats: We have an employee education program that is designed to raise awareness of cybersecurity threats to reduce our vulnerability as well as to encourage consideration of cybersecurity risks across functions. Our IT policy requires minimum password lengths and for passwords to be changed on a regular basis. We maintain back-ups and disaster recovery plans to restore our information in the event of an incident. In some locations, we may use third-party IT providers to assist with maintaining our IT structure, including cybersecurity monitoring and testing. Governance Our Board of Directors plays an important role in our risk oversight and discharges its duties both as a full board and through its committees. Our Board of Directors has assigned oversight of cybersecurity risk management to the Audit Committee. The Audit Committee receives reports from senior management of any cybersecurity incidents that may have occurred at the parent company or any of its subsidiaries. If material, the Audit Committee will bring it to the attention of the Board of Directors as promptly as practicable. If not material, the Audit Committee will bring it to the attention of the Board of Directors at its next regularly scheduled meeting. Senior management (currently the Chief Financial Officer) receives reports from IT leadership at the parent company and each subsidiary. These individuals expertise in IT and cybersecurity generally has been gained from a combination of education, including relevant degrees and/or certifications, and prior work experience. Information regarding cybersecurity risks and incidents may be elevated to senior leadership through a variety of different channels, including discussions between or among subsidiary and parent company management. It is the responsibility of each subsidiary to communicate any items required by the IT policy to the parent company. 15 Table of Contents KINGSWAY FINANCIAL SERVICES INC.

Company Information