Wilhelmina International, Inc. 10-K Cybersecurity GRC - 2024-03-26

Page last updated on April 11, 2024

Wilhelmina International, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-26 17:01:21 EDT.

Filings

10-K filed on 2024-03-26

Wilhelmina International, Inc. filed an 10-K at 2024-03-26 17:01:21 EDT
Accession Number: 0001171843-24-001610

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY RISK MANAGEMENT AND STRATEGY We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program includes a cybersecurity incident response plan. Our cybersecurity risk management program is designed to identify, assess, and manage the cybersecurity risks that are relevant to our business and is integrated into our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas. Our cybersecurity risk management program includes: risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise information technology environment managing (i) our cybersecurity risk assessment processes, (ii) our security controls, and (iii) our response to cybersecurity incidents the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls carrying cyber risk insurance that provides protection (as specified in the applicable policies) against certain potential costs and losses arising from a cybersecurity incident regular communications to all employees from management informing of the types of threats to be aware of and procedure to follow when a risk has been identified requiring employees, as well as contractors who have access to our systems or the data of our employees or customers, to treat information as confidential. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. We have not currently engaged any third party service providers to support, manage, or supplement our cybersecurity processes. GOVERNANCE Cybersecurity is an important part of our risk management processes and an area of increasing focus for the Company s Board of Directors and management. The Audit Committee of the Company s Board of Directors is responsible for the oversight of risks from cybersecurity threats. The Audit Committee periodically receives updates from management and our third party IT support specialists of our cybersecurity threat risk management and mitigation strategies covering topics such as data security posture and potentially material cybersecurity threat risks or incidents, as well as the steps management has taken to respond to such risks. In such sessions, the Audit Committee generally receives information describing current and emerging material cybersecurity threat risks, and describing the company s plans to mitigate those risks, and discusses such matters with our third party IT support specialists and other members of senior management. Potentially material cybersecurity threat risks are also considered during separate Board discussions of important matters like enterprise risk management. While the Audit Committee reviews and oversees the Company s information security efforts, senior leadership is responsible for the day-to-day management of cybersecurity risk and the design and implementation of policies, processes and procedures to identify and mitigate this risk. These members of management are informed about and monitor the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above, including the operation of our incident response plan. 8

Company Information