LM FUNDING AMERICA, INC. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

LM FUNDING AMERICA, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 10:39:53 EDT.

Filings

10-K filed on 2024-04-01

LM FUNDING AMERICA, INC. filed an 10-K at 2024-04-01 10:39:53 EDT
Accession Number: 0000950170-24-038953

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy We recognize the importance of assessing, identifying and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. Our share of Bitcoins mined from our pools are initially received by us in wallets we control. We currently sell the majority of the Bitcoin we mine and utilize hot wallets to hold this Bitcoin immediately prior to selling for working capital purposes. We hold any remainder of our Bitcoin in cold storage. Bitcoins we mine or hold for our own account may be subject to loss, theft or restriction on access. Hackers or malicious actors may launch attacks to steal, compromise or secure Bitcoins, such as by attacking the Bitcoin network source code, exchange miners, third-party platforms (including Gemini), cold and hot storage locations or software, or by other means. We may be in control and possession of substantial holdings of Bitcoin, and as we increase in size, we may become a more appealing target of hackers, malware, cyber-attacks or other security threats. Our management evaluates all cybersecurity matters, with the purpose of meeting at least semi-annually and providing recommendations with respect to our information technology use and protection, including, but not limited to, data governance, privacy, compliance and cybersecurity. We have implemented controls, policies, procedures and technological safeguards to maintain and protect the integrity, continuous operation, redundancy and security of our IT systems and data that we believe to be reasonably consistent with industry standards and practices, or as required by applicable regulatory standards. We are also required to comply with applicable laws, rules, regulations and contractual obligations relating to the privacy and security of our IT systems and data and to the protection of such IT systems and data from unauthorized use, access, misappropriation or modification. To our knowledge there has been no security breach or incident, unauthorized access or disclosure, or other compromise of or relating to the Company or its subsidiaries hard wallets, cold wallets, information technology and computer systems, networks, hardware, software, data and databases, equipment or technology. We have not been notified of, and have no knowledge of any event or condition that could result in, any security breach or incident, unauthorized access or disclosure or other compromise to their IT systems and data, and we have implemented appropriate controls, policies, procedures, and technological safeguards to maintain and protect the integrity, continuous operation, redundancy and security of our IT systems and Data reasonably consistent with industry standards and practices, or as required by applicable regulatory standards. We are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT systems and data and to the protection of such IT systems and data from unauthorized use, access, misappropriation or modification. Cybersecurity Governance Our Board of Directors considers cybersecurity risk and other information technology risks as part of its risk oversight function and meets at least quarterly to discuss matters involving cybersecurity risks. The Chief Executive Officer and Chief Financial Officer provide information to our Board of Directors regarding its activities, including those related to cybersecurity risks, and are responsible for notifying the Board of material cybersecurity incidents.

Company Information