TERAWULF INC. 10-K Cybersecurity GRC - 2024-03-19

Page last updated on April 11, 2024

TERAWULF INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-19 21:08:30 EDT.

Filings

10-K filed on 2024-03-19

TERAWULF INC. filed an 10-K at 2024-03-19 21:08:30 EDT
Accession Number: 0001083301-24-000072

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity Cybersecurity Risk Management and Strategy We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program is one component of our information security program that guides continuous improvement to, and evaluates these security objectives for our critical systems, data, and operations. Additionally, our cybersecurity risk management program includes a cybersecurity incident response plan. Our approach to controls and risk management is based on guidance from the National Institute of Standards and Technology ( NIST ). This does not mean that we meet any particular technical standards, specifications, or requirements, but rather that we use the NIST framework as a guide to help us identify, assess, and manage cybersecurity controls and risks relevant to our business. Our cybersecurity risk management program is integrated into our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas. Our cybersecurity risk management program includes: identifying cybersecurity risks that could impact our facilities, third-party vendors/partners, operations, critical systems, information, and broader enterprise information technology environment. Risks are informed by threat intelligence, current and historical adversarial activity, and industry specify threats risk assessments designed to help identify material cybersecurity risks to our critical systems, information, services, and our broader enterprise IT environment an Information Security and Cybersecurity policy which establishes administrative, physical, and technical controls and procedures to protect data and systems individuals, including employees and external third party service providers, who are responsible for managing our cybersecurity risk assessment processes, our security controls, and our response to cybersecurity incidents the use of external service providers, where appropriate, to assess, test, monitor, respond or otherwise assist with aspects of our security controls cybersecurity awareness training of our employees, incident response personnel, and senior management and a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents. We have not identified risks from known cybersecurity threats that have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See Risk Factors - Cyberattacks, data breaches or malware may disrupt our operations and trigger significant liability for us, which could harm our operating results and financial condition, and damage our reputation or otherwise materially harm our business. 23 Table of Contents Cybersecurity Governance Our Board considers cybersecurity risk as part of its risk oversight function and oversees management s implementation of our cybersecurity risk management program. The Board receives regular reports from management on our cybersecurity risks. In addition, management updates the Board, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential. The Board also receives briefings from management on our cyber risk management program. Board members receive presentations on cybersecurity topics from our Vice President of Information Technology, risk management and internal security staff or external experts as part of the Board s continuing education on topics that impact public companies. Our management team is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our information security organization is comprised of internal and external security and technology professionals. We continue to make investments in information security resources to mature, expand, and adapt our capabilities to address emerging cybersecurity risks and threats. In addition, we have newly formed a multifunctional cybersecurity committee comprised of information technology, operations, risk, and finance members who will meet quarterly to assess new vulnerabilities and threats, update risk assessments and assess the implementation of the Company s cybersecurity risk management program. This committee will report periodically to the management team on matters involving cybersecurity risks and incidents. Our management team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us and alerts and reports produced by security tools deployed in the information technology environment.

Company Information