CENTURY CASINOS INC /CO/ 10-K Cybersecurity GRC - 2024-03-13

Page last updated on April 11, 2024

CENTURY CASINOS INC /CO/ reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-13 18:30:18 EDT.

Filings

10-K filed on 2024-03-13

CENTURY CASINOS INC /CO/ filed an 10-K at 2024-03-13 18:30:18 EDT
Accession Number: 0000911147-24-000010

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity is an important part of our risk management program and an area of increasing focus for our Board and management. We maintain a robust cybersecurity infrastructure to safeguard our operations, networks, and data through comprehensive security measures including our technology tools, internal management, and external service providers. Our Chief Information Officer ( CIO ) is responsible for assessing, identifying, and managing the risks from cybersecurity threats. Our CIO has over 14 years of experience in information technology and security positions. The CIO leads a team which includes our Corporate Director of Information Security and Senior Systems Engineer, with a combined 28 years of information technology and cybersecurity related experience. Both of these individuals hold Certified Information System Security Professional ( CISSP ) certifications. Our Board of Directors, primarily through the Audit Committee, oversees management’s approach to managing cybersecurity risks. The Audit Committee, comprised solely of independent directors, is charged with overseeing the Company s risk management, including information technology and cybersecurity. The Audit Committee routinely engages with relevant management on a range of cybersecurity-related topics, including the threat of environment and vulnerability assessments, policies and practices, technology trends, and regulatory developments from the CIO. We use a risk-based approach to identify, assess, protect, detect, respond to, and recover from cybersecurity threats, utilizing industry standard frameworks such as the National Institute of Standards and Technology Cybersecurity Framework, internal controls, and robust technological toolsets. Our information security program includes, among other aspects, penetration and vulnerability assessments and management, intrusion detection systems, antivirus and malware protection, encryption, access control, high availability and redundancy, and employee training. Risks identified by the CIO and other cybersecurity personnel are analyzed to determine the potential impact on us and the likelihood of occurrence. Such risks are continuously monitored to ensure that the circumstances and severity of such risks have not changed. The CIO also routinely discusses trends in cyber risks and our strategy with our Audit Committee and management on a regular basis, in addition to an annual review and discussion with the full board. In addition, we engage independent third-party cybersecurity providers for vulnerability assessments and penetration testing. We regularly engage these providers to aid in the identification and remediation of potential threats. We also endeavor to apprise employees of emerging risks and require them to undergo annual security awareness training, and supplemental training as needed. Additionally, we conduct periodic internal exercises to gauge the effectiveness of the training and assess the need for additional controls and/or training. Material cybersecurity incidents are required to be reported to the Board of Directors. As of the date of this report, we are not aware of any incidents from cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. 21

Company Information