NI Holdings, Inc. 10-K Cybersecurity GRC - 2024-03-15

Page last updated on April 11, 2024

NI Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-15 16:08:20 EDT.

Filings

10-K filed on 2024-03-15

NI Holdings, Inc. filed an 10-K at 2024-03-15 16:08:20 EDT
Accession Number: 0001174947-24-000361

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity risk is an important and evolving focus for the Company. The increased sophistication and activities of unauthorized parties attempting to access our systems is an ever-present risk. Cybersecurity risks may also arise from human error, fraud, or malice on the part of employees or third parties who have authorized access to our systems or information. Our information security program is directly managed by a dedicated Director of Information Systems, whose team is responsible for enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. Company employees are periodically required to affirm their understanding of several policies and standards, including those related to cybersecurity. Our cybersecurity strategy is primarily focused on network security, data security, vulnerability management, incident management, and disaster recovery. We utilize internal resources as well as third-party consultants and vendors to periodically conduct cybersecurity vulnerability testing, facilitate employee training, perform system assessments, and provide recommendations based on industry best practices. The Director of Information Systems provides periodic reports to our ERMC related to cybersecurity risks and threats, the status of projects to strengthen our information security systems and controls, assessments of the information security program and related third-party service providers, and the emerging threat landscape. The ERMC provides oversight and support related to our cybersecurity program and consists of our Chief Executive Officer, Chief Financial Officer, Director of Information Systems, and other appropriate members of senior management who possess the relevant expertise to assess and manage cybersecurity risks as part of the broader enterprise risk management process. Periodic reports are also provided to appropriate members of senior management that include information regarding prevention, detection, mitigation, and remediation efforts related to cybersecurity incidents. Our Chief Executive Officer and Director of Information Systems also provide periodic reports to the Audit Committee of the Board of Directors regarding ERMC activities and assessments, including those related to cybersecurity and cybersecurity incidents. The 24 Audit Committee of the board oversees our risk management program, which focuses on the most significant risks we face in the short-, intermediate-, and long-term timeframes. Audit Committee meetings include discussions of specific risk areas throughout the year, including, among others, those relating to cybersecurity threats, and reports from management on our enterprise risk profile on an annual basis. As of the date of this report, we are not aware of any risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition. Refer to the risk factor captioned Cyberattacks, security breaches, or similar events affecting the technologies and systems we rely on to operate our business and to maintain and protect sensitive Company and customer data could disrupt our operations, harm our reputation, and result in material losses in Part I, Item 1A. Risk Factors for additional details regarding cybersecurity risks and potential impacts on our business.

Company Information