Associated Capital Group, Inc. 10-K Cybersecurity GRC - 2024-03-21

Page last updated on April 11, 2024

Associated Capital Group, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-21 17:26:44 EDT.

Filings

10-K filed on 2024-03-21

Associated Capital Group, Inc. filed an 10-K at 2024-03-21 17:26:44 EDT
Accession Number: 0001437749-24-008882

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity and availability of our critical systems and information. Our cybersecurity risk management program is aligned with the Company s business strategy. It shares common methodologies, reporting channels and governance processes that apply to other areas of enterprise risk, including legal, compliance, strategic, operational, and financial risk. Key elements of our cybersecurity risk management program include: risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise information technology environment a security team principally responsible for managing our cybersecurity risk assessment processes, our security controls, and our response to cybersecurity incidents the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls training and risk awareness programs for team members that include periodic and ongoing assessments to drive adoption and awareness of cybersecurity processes and controls a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents and a third-party risk management process for service providers, suppliers, and vendors. In the last three years, the Company has not experienced any material cybersecurity incidents, and expenses incurred from cybersecurity incidents were immaterial. The operations of the Company are dependent on technology information and communications systems. A failure of any such system, or a security breach or cyberattack related thereto, could significantly disrupt the Company s operations. The service providers of the Company are also subject to cybersecurity threats. If the Company and/or any service provider of the Company fails to adopt, implement or adhere to adequate cybersecurity measures, or in the event of a breach of any network, information relating to the Company or the Company s operations, as well as personal information relating to the Company s clients, may be lost, damaged or corrupted, or improperly accessed, used or disclosed. 10 Table of Contents Any system failure, security breach or cyberattack on the Company and/or any service provider of the Company could cause the Company to suffer financial loss, disruption to its business, including its trading capabilities and its ability to transfer payments, increased operating costs, liability to third parties, regulatory intervention and reputational damage, among other things, any one or all of which could have a material adverse effect on the Company. Cybersecurity Governance Our Board of Directors is responsible for overseeing cybersecurity threats, among other things. Our Chief Technology Officer, who reports to our Chief Executive Officer and President, provides our senior management and our Board of Directors periodic reports on our cybersecurity risks and any material cybersecurity incidents. Our cybersecurity risk management team, in conjunction with various information technology, internal audit, legal and compliance personnel, has primary responsibility for our overall cybersecurity risk management program. Our team of cybersecurity professionals, led by our Chief Technology Officer, who has over 20 years of experience in the cybersecurity space and advanced training in the field of cybersecurity and technology, has primary responsibility for our internal cybersecurity personnel and our retained external cybersecurity consultants. Our information technology team also monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, which may include briefings with internal personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, and alerts and reports produced by security tools deployed in the information technology environment.

Company Information