ExcelFin Acquisition Corp. 10-K Cybersecurity GRC - 2024-03-13

Page last updated on April 11, 2024

ExcelFin Acquisition Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-13 21:06:06 EDT.

Filings

10-K filed on 2024-03-13

ExcelFin Acquisition Corp. filed an 10-K at 2024-03-13 21:06:06 EDT
Accession Number: 0001104659-24-034096

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C.Cybersecurity. Risk Management and Strategy We depend on technology systems, some of which are operated and managed by third parties, to operate our business. Our business is limited to searching for and implementing an initial business combination. As such, we process a limited number of invoices and rely primarily upon third parties for cybersecurity compliance. Only four individuals are involved in our day-to-day operations and those operations are minimal. In October 2023, we made payments on three separate invoices which payments were later determined by management to have been made in error. Two of the payments were later recovered from the vendors, but it is unlikely that the third payment will be recovered. Our management has conducted a thorough investigation related to these events and has concluded there was a material weakness in our internal control over financial reporting related to our review and approval of cash disbursements. To address this material weakness management has devoted, and plans to continue to devote, significant effort and resources to the remediation and improvement of our system for verification of which invoices to pay. We implemented additional controls related to vendor verification and will introduce mandatory cybersecurity training. We implemented a list of specific points to validate before payments are released, requiring evidence of validation by approvers. Our cybersecurity risk management program includes the monitoring of our systems and networks for vulnerabilities, threats and, intrusions coordination of our response to cybersecurity incidents the training for our management and employees on new and developing risks and threats. Finally, our cybersecurity risk management program includes procedures to facilitate that information regarding cybersecurity incidents are shared with the Board to enable assessments related to disclosure and notice requirements to be timely and correctly made. Although no cybersecurity incident during the year ended December 31, 2023 resulted in an interruption of our operations, known losses of critical data or otherwise had a material impact on our strategy, financial condition or results of operations, the scope of any future incident cannot be predicted. See Item 1A. Risk Factors for more information. 55 Table of Contents Governance Management has responsibility to manage risk and bring to the Board s attention the most material near-term and long-term risks to the Company. The Board of Directors is actively engaged in overseeing and reviewing the Company s strategic direction and objectives, taking into account, among other considerations, the Company s risk profile and exposures. Our Chief Executive Officer, Joe Ragan, leads management s assessment, identification and management of cybersecurity risk. Mr. Ragan is familiar with cybersecurity matters arising out his public company chief financial officer experience. Our Board of Directors oversees our enterprise risk management system. The Board of Directors meets quarterly, or more frequently as necessary, with members of management to provide updates on all matters, including cybersecurity.

Company Information