AgEagle Aerial Systems Inc. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

AgEagle Aerial Systems Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 06:06:58 EDT.

Filings

10-K filed on 2024-04-01

AgEagle Aerial Systems Inc. filed an 10-K at 2024-04-01 06:06:58 EDT
Accession Number: 0001493152-24-012100

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBER SECURITY Cybersecurity Risk Management and Strategy We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. We design and assess our program based on the National Institute of Standards and Technology Cybersecurity Framework Special Publication 800-53, 800-61, rev 2 ( NIST CSF). This does not imply that we meet any particular technical standards, specifications, or requirements. We use the NIST CSF as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. Our cybersecurity risk management program is integrated into our overall enterprise risk management program and shares common methodologies, reporting channels, and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas. Our cybersecurity risk management program includes the following: risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment a security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents the use of external service providers, where appropriate, to assess, test, or otherwise assist with aspects of our security controls cybersecurity awareness training of our employees, incident response personnel, and senior management and a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents. There can be no assurance that our cybersecurity risk management program and processes, including our policies, controls or procedures, will be fully implemented, complied with or effective in protecting our systems and information. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. For more information, please refer to Item 1A: Risk Factors for further insights into cyber attack-related risks. 37 Cybersecurity Governance Our Board considers cybersecurity risks as part of its risk oversight function of cybersecurity and other information technology risks. The Audit Committee oversees management s implementation of our cybersecurity risk management program and receives updates on the cybersecurity risk management program from management at least annually. In addition, management updates the Audit Committee regarding any material or significant cybersecurity incidents, as well as incidents with lesser impact potential as necessary. The Audit Committee reports to the full Board annually regarding cybersecurity. The full Board also receives annual briefings from external experts on cybersecurity as part of the Board s continuing education on topics that impact public companies. Ongoing Risks We have not experienced any material cybersecurity incidents. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. For more information on our cybersecurity related risks, see Item 1A Risk Factors of this Annual Report on Form 10-K. Risk Management and Strategy The Company recognizes the critical importance of cybersecurity in safeguarding sensitive information, maintaining operational resilience, and protecting stakeholders interests. This cybersecurity policy is designed to establish a comprehensive framework for identifying, assessing, mitigating, and responding to cybersecurity risks across the organization. The Company is in the process of establishing a cybersecurity policy which implement protocols to evaluate, recognize, and address significant risks, including those posed by cybersecurity threats. This strategy encompasses the utilization of standard traffic monitoring tools, educating personnel to identify and report abnormal activities, and partnering with reputable service providers capable of upholding security standards equivalent to or exceeding our own. These measures are to be seamlessly integrated into our broader operational risk management framework aimed at minimizing exposure to unnecessary risks across our operations. For cybersecurity, we collaborate with expert consultants and third-party service providers to implement industry-standard strategies aimed at identifying and mitigating potential threats or vulnerabilities within our systems. Additionally, the policy strategy will have a comprehensive cyber crisis response plan to manage high severity security incidents, ensuring efficient coordination across the organization. Cybersecurity threats haven t significantly impacted our operations, and we don t anticipate such risks materially affecting our business, strategy, financial condition, or results of operations. However, given the escalating sophistication of cyber threats, our preventive measures may not always suffice. Despite well-designed controls, we acknowledge the inability to foresee all security breaches, including those stemming from third-party misuse of AI technologies, and the potential challenges in implementing timely preventive measures. Please refer to Item 1A: Risk Factors for further insights into cyber attack-related risks. The Chief Financial Officer will oversees our information security programs, including cybersecurity initiatives, and is integrated into our Cybersecurity Incident response process. The Audit committee oversees cybersecurity risk management activities, supported by Company management, the Board of Directors, and external consultants. We assess and prioritize risks based on potential impact, implement technical controls, and monitor third-party vendors security practices. 38

Company Information