Quantum Computing Inc. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

Quantum Computing Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 16:36:43 EDT.

Filings

10-K filed on 2024-04-01

Quantum Computing Inc. filed an 10-K at 2024-04-01 16:36:43 EDT
Accession Number: 0001213900-24-028799

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY A robust and consistent approach to cybersecurity is critical to achieving our strategic business objectives and protecting our intellectual property. As an advanced technology company developing quantum photonic products, we face a wide range of cybersecurity threats such as ransomware and denial-of-service attacks that affect most industry sectors, to attacks from highly sophisticated adversaries, including nation state actors, that target dual-use advanced technologies such as quantum computing. Our customers, suppliers and other business partners face similar cybersecurity threats, and a cybersecurity incident impacting us or any of these entities could materially adversely affect our operations, performance and results of operations. We are continually evaluating best practices and methods to protect the Company from a wide range of potential threats. Due to the risks that these cybersecurity threats pose to our business, we are investing in cyber defense systems and training programs. The Board, through the Risk Committee, oversees the Company s processes for identifying and mitigating risks, including cybersecurity risks. Company management periodically briefs the Board on our cybersecurity and information security policies and plans, and the Board is apprised of cybersecurity incidents deemed to have a moderate or higher business impact. In the event of an incident, the Company has developed an incident response plan, which sets forth the steps to be followed from incident detection and assessment to mitigation, recovery and notification and reporting, including notifying functional areas (e.g. legal), as well as senior leadership and the Board, as appropriate. We continue to evaluate our cybersecurity requirements to address the evolving cybersecurity risks that the Company faces in an increasingly technically capable environment. The Company has implemented policies for its personnel, including awareness programs, travel security programs and other related cybersecurity best practices. The information technology team manages the Company s cybersecurity policies, including employee training, with the ultimate goal of preventing cybersecurity incidents, if possible, while also maintaining IT system performance and data integrity to minimize the business impact should an incident occur. The Company is coordinating closely with the Board s Risk Committee to ensure that the Company will implement the appropriate cybersecurity technologies to protect the Company and its intellectual property. Third parties play an important role in our cybersecurity program. We engage third-party services to conduct evaluations of our security controls, including penetration testing and consulting on best practices. The third-party services include testing both the design and operational effectiveness of security controls. Although we take cybersecurity risks seriously, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on the Company. While the Company maintains cybersecurity insurance, the costs related to cybersecurity threats or disruptions may not be fully insured. See Item 1A. Risk Factors for a discussion of cybersecurity risks. 27

Company Information