BK Technologies Corp 10-K Cybersecurity GRC - 2024-03-14

Page last updated on April 11, 2024

BK Technologies Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-14 07:07:11 EDT.

Filings

10-K filed on 2024-03-14

BK Technologies Corp filed an 10-K at 2024-03-14 07:07:11 EDT
Accession Number: 0001654954-24-003098

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy We face cybersecurity risks, as a small company, due to the breadth of networks and systems we utilize to design, develop, produce and sell our LMR products. We also use third-party products, services and components to produce our LMR products. We are committed to maintaining robust governance and oversight of these risks and implementing mechanisms, controls, technologies, and processes designed to help us assess, identify, and manage these risks. While we have not, as of the date of this Form 10-K, experienced a cybersecurity threat or incident that resulted in a material adverse impact to our business or operations, there can be no guarantee that we will not experience such an incident in the future. Such incidents, whether or not successful, could result in our incurring significant costs related to rebuild our internal systems, implement additional threat protection measures, provide modifications or replacements to our products, respond to regulatory inquiries or actions, pay damages, provide customers with incentives to maintain a business relationship with us, or take other remedial steps with respect to third parties, as well as incurring significant reputational harm. In addition, these threats are constantly evolving, thereby increasing the difficulty of successfully defending against them or implementing adequate preventative measures. 19 Table of Contents We seek to detect and investigate unauthorized attempts and attacks against our network and to prevent their occurrence and recurrence where practicable through changes or updates to our internal processes, tools and changes or updates to our products however, we remain potentially vulnerable to known or unknown threats. In some instances, we, our suppliers, our customers and the users of our products can be unaware of a threat or incident or its magnitude and effects. Further, there is increasing regulation regarding responses to cybersecurity incidents, including reporting to regulators, which could subject us to additional liability and reputational harm. See Risk Factors for more information on our cybersecurity risks and product vulnerability risks. As a supplier of LMR products to federal, state and municipality agencies, our cybersecurity strategy focuses on implementing effective and efficient controls, technologies, and other processes to assess, identify, and manage material cybersecurity risks. We have retained the assistance of a Cybersecurity expert consultant, to assist internal management to evaluate processes in place to assess, identify, manage, and address material cybersecurity threats and incidents. These include, among other things: annual and ongoing security awareness training for employees mechanisms to detect and monitor unusual network activity and containment and incident response tools. We monitor issues that are internally discovered or externally reported that may affect our products and have processes to assess those issues for potential cybersecurity impact or risk. We are also implementing a process to manage cybersecurity risks associated with third-party service providers. We impose security requirements upon our suppliers, including maintaining an effective security management program abiding by information handling and asset management requirements and notifying us in the event of any known or suspected cyber incident. Cybersecurity Governance Our Board of Directors has ultimate oversight of cybersecurity risk, which it manages as part of our enterprise risk management program. That program is utilized in making decisions with respect to company priorities, resource allocations, and oversight structures. The Board of Directors is assisted by the Audit Committee, which regularly reviews our cybersecurity program with management and reports to the Board of Directors. Cybersecurity reviews by the Audit Committee or the Board of Directors generally occur at least twice annually, or more frequently as determined to be necessary or advisable. Our cybersecurity program is run by our Chief Information Security Officer (CISO) and Chief Financial Officer (CFO), who reports to our Chief Executive Officer (CEO). Our CISO is informed about and monitors prevention, detection, mitigation, and remediation efforts through regular communication and reporting from our IT Director and the Cybersecurity consultant expert.

Company Information