Nauticus Robotics, Inc. 10-K Cybersecurity GRC - 2024-04-09

Page last updated on April 11, 2024

Nauticus Robotics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-09 19:54:19 EDT.

Filings

10-K filed on 2024-04-09

Nauticus Robotics, Inc. filed a 10-K at 2024-04-09 19:54:19 EDT
Accession Number: 0001849820-24-000029


Item 1C. Cybersecurity.

Cybersecurity Program

We have implemented a cybersecurity program to support both the effectiveness of our systems and our preparedness for information security risks. This program includes a number of safeguards, such as: password protection; multi-factor authentication; monitoring and alerting systems for internal and external threats; and regular evaluations of our cybersecurity program.

We use a risk-based approach with respect to our use and oversight of third-party service providers, tailoring processes according to the nature and sensitivity of the data accessed, processed, or stored by such third-party service provider. We use a number of means to assess cyber risks related to our third-party service providers, including conducting due diligence in connection with onboarding new vendors. We also seek to include appropriate security terms in our contracts, where applicable, as part of our oversight of third-party providers.

Process for Assessing, Identifying and Managing Material Risks from Cybersecurity Threats

We maintain an incident response program. In the event of a cybersecurity incident, designated personnel are responsible for assessing the severity of an incident and associated threat, containing the threat, remediating the threat, including recovery of data and access to systems, analyzing any reporting obligations associated with the incident, and performing post-incident analysis and program enhancements.

We maintain a Cybersecurity Policy, which includes an Incident Response Plan in the event of a significant cybersecurity incident. In the event of a significant cybersecurity incident, our IT Director will chair an incident response team to handle the incident. Such incident response team will include members of IT, finance (if applicable), legal, communications, human resources and any affected unit or department. IT, along with a designated forensic team, will use the Incident Response Plan to guide the response.

Governance

Management Oversight

The controls and processes employed to assess, identify and manage material risks from cybersecurity threats are implemented and overseen by our IT Director. Our IT Director has over 10 years of experience addressing cybersecurity risks. Our IT Director is responsible for the day-to-day management of the cybersecurity program, including the prevention, detection, investigation, response to, and recovery from cybersecurity threats and incidents, and is regularly engaged to help ensure the cybersecurity program functions effectively in the face of evolving cybersecurity threats. Our Chief Technology Officer oversees the IT Director and briefs our board of directors on cybersecurity matters, including the nature and design of our cybersecurity program, and threats, events, and program enhancements.

Board Oversight

In its oversight role, our board of directors is expected to specifically consider risks, including with respect to privacy, information technology and cybersecurity and threats to technology infrastructure. On a regular basis, our IT Director will report to our board of directors on cybersecurity matters, including key risks, the potential impact of those exposures on our business, financial condition, results of operations, cash flows, reputation and prospects, and the programs and steps implemented by our management team to monitor and mitigate risks.

Cybersecurity Risks

Our cybersecurity risk management processes are integrated into our overall approach to risk management. Given our nature and size, we do not have a dedicated enterprise risk function, but our management team regularly considers and evaluates risks. As part of that risk management process, our management team identifies, assesses and evaluates risks impacting our operations, including those risks related to cybersecurity, and raises them for internal discussion, and where it is determined to be appropriate, issues are also raised to our board of directors for consideration.

As of the date of this Annual Report on Form 10-K, we are not aware of any previous cybersecurity incidents that have materially affected our business, financial condition, results of operations, cash flows, reputation and prospects or that are reasonably likely to have such a material effect.

While we have implemented a cybersecurity program, the techniques used to infiltrate information technology systems continue to evolve. Accordingly, we may not be able to timely detect threats or anticipate and implement adequate security measures. For additional information regarding risks relating to privacy and cybersecurity, see Item 1A "Risk Factors - Risks Related to Our Business."


Company Information

Name: Nauticus Robotics, Inc.
CIK: 0001849820
SIC Description: General Industrial Machinery & Equipment, NEC
Ticker: KITT - Nasdaq, KITTW - Nasdaq
Website:
Category: Emerging growth company
Fiscal Year End: December 30