Guerrilla RF, Inc. 10-K Cybersecurity GRC - 2024-03-29

Page last updated on April 11, 2024

Guerrilla RF, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 17:00:56 EDT.

Filings

10-K filed on 2024-03-29

Guerrilla RF, Inc. filed an 10-K at 2024-03-29 17:00:56 EDT
Accession Number: 0001437749-24-010107

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy We recognize the paramount importance of cybersecurity in preserving the integrity, confidentiality, and availability of our systems, data, and operations. We are committed to maintaining a comprehensive cybersecurity posture that encompasses proactive risk management, robust defense mechanisms, and continuous monitoring. To this end, we employ a multifaceted approach to cybersecurity, which includes regular assessments of our infrastructure, applications, and processes to identify vulnerabilities and weaknesses. Furthermore, we prioritize ongoing employee education and awareness initiatives to cultivate a culture of security throughout our organization. Our workforce receives regular training on best practices, emerging threats, and incident response procedures to empower them to be active participants in our cybersecurity efforts. Additionally, we enforce strict access controls and data encryption protocols to safeguard sensitive information and mitigate the risk of unauthorized access or data breaches. While we have implemented extensive measures to fortify our defenses against cyber threats, it is important to acknowledge that the cybersecurity landscape is constantly evolving, with threat actors employing increasingly sophisticated tactics. Despite our best efforts, we cannot guarantee that our systems will be completely immune to cyber attacks. As such, we maintain a proactive stance in monitoring for emerging threats and vulnerabilities, leveraging threat intelligence sources and collaborating with industry partners to stay abreast of evolving risks. In the event of a cybersecurity incident, we have established incident response protocols designed to facilitate swift and effective remediation efforts. These protocols outline clear escalation procedures, delineate responsibilities among key stakeholders, and emphasize transparency and communication with internal teams, regulatory authorities, and affected parties. In summary, while we maintain confidence in the effectiveness of our cybersecurity measures, we acknowledge the dynamic nature of the cybersecurity landscape and remain vigilant in our efforts to adapt and respond to emerging threats. Our commitment to cybersecurity extends beyond mere compliance it is a fundamental aspect of our corporate ethos and a cornerstone of our efforts to safeguard the interests of our shareholders, customers, and stakeholders. We enlist the support of third-party providers to bolster our cybersecurity risk management. These providers offer ongoing assistance, such as threat monitoring, mitigation strategies, updates on emerging trends and developments, and policy guidance. Additionally, we engage specific providers for targeted assistance, such as security and forensic expertise, as the need arises. Before sharing any sensitive data or integrating with a third-party provider, we conduct a thorough assessment of their security capabilities in alignment with our risk posture and request modifications as deemed necessary. Cybersecurity Governance Oversight for cybersecurity risk lies with the Audit Committee. Periodically the Audit Committee will work with our IT management to provide a full update to the board on continuous improvements made to our monitoring and preventative activities, as well as information on those monitoring activities itself such as attempts of unauthorized access to systems. Our IT management team is directly responsible for cyber security and maintaining of protection, keeping abreast of latest cyber security issues and concerns, monitoring threats, and the design and updating of policies and procedures along with appropriate education for all company employees. Our IT staff and management team have been trained on current industry standards and best practices and hold degrees and have experience necessary to have the skills necessary to address such threats. IT management is also responsible for the appropriate communications regarding threats and breaches should they occur and appropriate shut down and recovery activities and have action plans in place. As of December 31, 2023, we have not encountered any cybersecurity threats that have had a material impact on our operations, business strategy, financial results, or overall financial health.

Company Information