BTC Digital Ltd. 10-K Cybersecurity GRC - 2024-04-15

Page last updated on April 15, 2024

BTC Digital Ltd. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-15 11:29:16 EDT.

Filings

10-K filed on 2024-04-15

BTC Digital Ltd. filed an 10-K at 2024-04-15 11:29:16 EDT
Accession Number: 0001213900-24-032825

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These material risks are managed across us, our subsidiaries, and third-party contractors, and monitoring such risks and threats is integrated into our overall risk management program. Our risk management program is comprised of, among other things, policies that are designed to identify, assess, manage, and mitigate cybersecurity risk, and is based on applicable laws and regulations, informed by industry standards and best practices. Our Chief Financial Officer is responsible for our cybersecurity program, and our Manager of Cybersecurity is our incident response team leader. In this position, our Manager of Cybersecurity oversees our cybersecurity team, and guides our incident response team, which is comprised of members from across our organization, including cybersecurity, IT support, mining operations, software engineering, compliance and legal, as well as contractors and other partners, as they support our cybersecurity functions. Our Manager of Cybersecurity has nearly two decades of experience in cybersecurity management and policy, achieved through job training and higher education, and possesses a background in security and alignment of information technology solutions. Our Response Plan, developed by management and our cybersecurity team, and IT support team, serves as a Company-wide guide to facilitate coordinated, prompt, and systematic responses to any cybersecurity incidents and utilizes four interconnecting phases: (1) Preparation (2) Detection and Analysis (3) Containment, Eradication, and Recovery and (4) Post-Incident Activity. Upon detection of a cybersecurity incident and initial intake and validation by our cybersecurity team, our incident response team triages and evaluates the cybersecurity incident, and, depending on the severity, escalates the incident to management and a cross-functional working group. Any incident assessed as potentially being or potentially becoming material is immediately escalated for further assessment and reported to executive management. Determination of what resources are needed to address the incident, prioritizing of response activities, forming of action plans, and notification of external parties as needed are then undertaken by executive management and the cross-functional working group, led by our Chief Financial Officer and Manager of Cybersecurity. We consult with outside counsel as appropriate, including on materiality analysis and disclosure matters, and our executive management makes the final materiality and disclosure determinations, among other compliance decisions. In 2023, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. However, despite our efforts, we may not be successful in eliminating all risks from cybersecurity threats and can provide no assurances that undetected cybersecurity incidents have not occurred. See Part I, Item 1A. Risk Factors of this Annual Report for more information regarding the cybersecurity risks we face. 38

Company Information