PARKERVISION INC 10-K Cybersecurity GRC - 2024-03-21

Page last updated on April 11, 2024

PARKERVISION INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-21 16:06:01 EDT.

Filings

10-K filed on 2024-03-21

PARKERVISION INC filed an 10-K at 2024-03-21 16:06:01 EDT
Accession Number: 0001437749-24-008859

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. For purposes of the following disclosure, the terms “cybersecurity incident” and “cybersecurity threat” have the meanings given to such terms in Item 106 of Regulation S-K promulgated under the Securities Exchange Act of 1934. Given the small size of our organization, we leverage a third-party information technology (“IT”) service provider for management of our information systems needs. Our IT service provider works closely with executive management in the assessment, identification and management of cybersecurity threats. Cybersecurity threats are prevented and detected by multiple approaches, including perimeter defense, vulnerability management, intrusion testing, multifactor authentication and data protection. We are in the process of developing a formal cybersecurity awareness program that will include cybersecurity training for all employees and relevant contractors and will be integrated with our overall risk management process. Material risks from cybersecurity threats, including those associated with the use of third-party service providers, are assessed during our annual review of our enterprise risks and related controls. Our overall Board of Directors (“Board”) has oversight of all enterprise risks, including those arising from cybersecurity threats. The Board has not assigned that responsibility to any committee or subcommittee of the Board. Assessments of ongoing and emerging enterprise risks, including cybersecurity threats, if applicable, are an integral part of our regularly scheduled Board meetings. We have an informal cyber incident response plan for mitigating and remediating cybersecurity threats and incidents. Any identified cybersecurity threats and incidents are promptly reported to executive management who, along with our IT professionals, will assess the severity of the event and formulate a response. Our determination of the severity of a cybersecurity incident would generally include an evaluation of the incident’s effect on the Company, including (i) our business strategy, results of operations, or financial condition, (ii) the integrity, confidentiality, resiliency, and security of our networks and systems, and (iii) our operations. Based on the severity of the event, the Board will be notified and will provide strategic direction through the incident response and communication. We rely on technology in all aspects of our business, including information systems of our third-party service providers. The information systems upon which we depend have been, and likely continue to be, subject to cybersecurity threats such as unauthorized access attempts, business email compromise, phishing, malware, ransomware, hacking and other cyberattacks attempting to disrupt operations. Our dependence on these information systems exposes us to cyberattacks, both directly and through cyberattacks impacting our service providers. A significant cybersecurity incident could result in service interruptions, security events, regulatory compliance failures, the inability to protect employee or corporate information or assets against unauthorized access or use, or other operational difficulties. As described above, we continuously monitor our cybersecurity threats, including risks associated with our use of service providers. We are not aware of any risks from cybersecurity threats, or previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition.

Company Information