Omnitek Engineering Corp 10-K Cybersecurity GRC - 2024-04-15

Page last updated on April 16, 2024

Omnitek Engineering Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-15 18:06:10 EDT.

Filings

10-K filed on 2024-04-15

Omnitek Engineering Corp filed an 10-K at 2024-04-15 18:06:10 EDT
Accession Number: 0001096906-24-000839

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. RISKS RELATED TO CYBERSECURITY Cybersecurity risks could adversely affect our business and disrupt our operations. The threats to network and data security are increasingly diverse and sophisticated. Despite our efforts and processes to prevent breaches, our devices, as well as our servers, computer systems, and those of third parties that we use in our operations are vulnerable to cybersecurity risks, including cyber-attacks such as viruses and worms, phishing attacks, denial-of-service attacks, physical or electronic break-ins, employee theft or misuse, and similar disruptions from unauthorized tampering with our servers and computer systems or those of third parties that we use in our operations, which could lead to interruptions, delays, loss of critical data, unauthorized access to user data, and loss of consumer confidence. In addition, we may be the target of email scams that attempt to acquire personal information or company assets. Despite our efforts to create security barriers to such threats, we may not be able to entirely mitigate these risks. Any cyber-attack that attempts to obtain our or our users data and assets, disrupt our service, or otherwise access our systems, or those of third parties we use, if successful, could adversely affect our business, operating results, and financial condition, be expensive to remedy, and damage our reputation. In addition, Page 20 any such breaches may result in negative publicity, adversely affect our brand, decrease demand for our products and services, and adversely affect our operating results and financial condition. We are increasingly dependent on information technology and our systems and infrastructure face certain risks, including cybersecurity and data leakage risks. Significant disruptions to our information technology systems or breaches of information security could adversely affect our business. We are increasingly dependent on sophisticated information technology systems and infrastructure to operate our business. Occasionally we also outsource elements of our operations to third parties, some of which are outside the U.S., including elements of our information technology infrastructure, and as a result we are managing many independent vendor relationships with third parties who may or could have access to our confidential information. The size and complexity of our information technology systems, and those of our third-party vendors with whom we contract, make such systems potentially vulnerable to service interruptions. In addition, we and our vendors could be susceptible to third party attacks on our information technology systems. Such attacks are increasingly sophisticated and are made by groups and individuals with a wide range of motives and expertise, including state and quasi-state actors, criminal groups, hackers and others. Any security breach or other disruption to our or our vendors information technology infrastructure could also interfere with or disrupt our business operations, including our manufacturing, distribution, R&D, sales and/or marketing activities. In the ordinary course of business, we and our vendors collect, store and transmit large amounts of confidential information (including trade secrets or other intellectual property, proprietary business information and personal information), and it is critical that we do so in a secure manner to maintain the confidentiality and integrity of such confidential information. The size and complexity of our and our vendors systems and the large amounts of confidential information that is present on them also makes them potentially vulnerable to security breaches from inadvertent or intentional actions by our employees, partners or vendors, or from attacks by malicious third parties. Maintaining the security, confidentiality and integrity of this confidential information (including trade secrets or other intellectual property, proprietary information, business information and personal information) is important to our competitive business position. However, such information can be difficult to protect. While we have taken steps to protect such information, and to ensure that the third-party vendors on which we rely have taken adequate steps to protect such information, there can be no assurance that our or our vendors efforts will prevent service interruptions or security breaches in our systems or the unauthorized or inadvertent wrongful use or disclosure of confidential information that could adversely affect our business operations or result in the loss, misappropriation, and/or unauthorized access, use or disclosure of, or the prevention of access to, confidential information. A breach of our or our vendors security measures or the accidental loss, inadvertent disclosure, unapproved dissemination, misappropriation or misuse of trade secrets, proprietary information, or other confidential information, whether as a result of theft, hacking, fraud, trickery or other forms of deception, or for any other cause, could enable others to produce competing products, use our proprietary technology or information, and/or adversely affect our business position. Further, any such interruption, security breach, or loss, misappropriation, and/or unauthorized access, use or disclosure of confidential information, including personal information regarding our patients and employees, could result in financial, legal, business, and reputational harm to us and could have a material adverse effect on our business, financial condition, results of operations, cash flows, and/or ordinary share price. If we sustain cyber-attacks or other privacy or data security incidents that result in security breaches, we could suffer a loss of sales and increased costs, exposure to significant liability, reputational harm and other negative consequences. Our information technology may be subject to cyber-attacks, security breaches or computer hacking. Hackers and data thieves are increasingly sophisticated and operate large-scale and complex automated attacks. Experienced computer programmers and hackers may be able to penetrate our security controls and misappropriate or compromise sensitive personal, proprietary or confidential information, create system disruptions or cause shutdowns. They also may be able to develop and deploy malicious software programs that attack our systems or otherwise exploit any security vulnerabilities. Our systems and the data stored on those systems may also be vulnerable to security incidents or security attacks, acts of vandalism or theft, coordinated attacks by activist entities, misplaced or lost data, human errors, or other similar events that could negatively affect our systems and the data stored on those systems, and the data of our business partners. Further, third parties, such as hosted solution providers, which provide services to the Company, could also be a source of security risk in the event of a failure of their own security systems and infrastructure. Page 21 The costs to eliminate or address the foregoing security threats and vulnerabilities before or after a cyber incident could be significant. Our remediation efforts may not be successful and could result in interruptions, delays or cessation of service, and the loss of existing or potential suppliers or customers. In addition, breaches of our security measures and the unauthorized dissemination of sensitive personal, proprietary or confidential information about the Company, our business partners or other third parties could expose us to significant potential liability and reputational harm. As threats related to cyber-attacks develop and grow, we may also find it necessary to make further investments to protect our data and infrastructure, which may impact the Company s results of operations. In case of a cyber-attack, the Company may suffer losses that could have a material adverse effect on its business. As a global enterprise, we could also be negatively impacted by existing and proposed laws and regulations, and government policies and practices related to cybersecurity, data privacy, data localization and data protection. In addition, our customers may encourage, or require, compliance with certain security standards, such as the voluntary cybersecurity framework released by the National Institute of Standards and Technology (NIST), which consists of controls designed to identify and manage Cybersecurity risks, and we could be negatively impacted to the extent we are unable to comply with such standards. Our business is subject to cybersecurity risks. Our operations are increasingly dependent on information technologies and services. Threats to information technology systems associated with cybersecurity risks and cyber incidents or attacks continue to grow, and include, among other things, storms and natural disasters, terrorist attacks, utility outages, theft, viruses, phishing, malware, design defects, human error, or complications encountered as existing systems are maintained, repaired, replaced, or upgraded. Risks associated with these threats include, among other things: Theft or misappropriation of funds loss, corruption, or misappropriation of intellectual property, or other proprietary or confidential information (including customer, supplier, or employee data) disruption or impairment of our and our customers business operations and safety procedures damage to our reputation with our customers and the market exposure to litigation loss or damage to our worksite data delivery systems and increased costs to prevent, respond to or mitigate cybersecurity events. Although we utilize various procedures and controls to mitigate our exposure to such risk, cybersecurity attacks and other cyber events are evolving and unpredictable. Moreover, we have no control over the information technology systems of our customers, suppliers, and others with which our systems may connect and communicate. As a result, the occurrence of a cyber incident could go unnoticed for a period of time. We do not presently maintain insurance coverage to protect against cybersecurity risks. If we procure such coverage in the future, we cannot ensure that it will be sufficient to cover any particular losses we may experience as a result of such cyber-attacks. Any cyber incident could have a material adverse effect on our business, financial condition and results of operations. A cybersecurity incident could negatively impact our business and our relationships with customers and expose us to litigation risk. We use computers in substantially all aspects of our business operations. We also use mobile devices, social networking and other online activities to connect with our employees and our customers. Such uses give rise to cybersecurity risks, including security breach, espionage, system disruption, theft and inadvertent release of information. Our business involves the storage and transmission of numerous classes of sensitive and/or confidential information and intellectual property, including customers personal information, private information about employees, and financial and strategic information about the Company and its business partners. We also rely on a Payment Card Industry compliant third party to protect our customers credit card information. While we have implemented measures to prevent security breaches and cyber incidents, our preventative measures and incident response efforts may not be entirely effective. The theft, destruction, loss, misappropriation, or release of sensitive and/or confidential information or intellectual property, or interference with our information technology systems or the technology systems of third parties on which we rely, could result in business disruption, negative publicity, brand damage, violation of privacy laws, loss of customers, potential litigation and liability and competitive disadvantage. Page 22

Company Information