Wetouch Technology Inc. 10-K Cybersecurity GRC - 2024-04-16

Page last updated on April 17, 2024

Wetouch Technology Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-16 20:05:15 EDT.

Filings

10-K filed on 2024-04-16

Wetouch Technology Inc. filed an 10-K at 2024-04-16 20:05:15 EDT
Accession Number: 0001493152-24-014934

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity Risk Management We face significant and persistent cybersecurity risks due to the need to protect our business, our confidential information and information concerning our personnel and others with whom we conduct business. As with other technology companies, we occasionally face threats from actors who seek to disrupt our business as well as others who are engaging in malicious activities for profit, to make a political point or for no particular reason other than creating disruption. Disclosure of certain information as a result of a cybersecurity breach may result is a breach of privacy laws. The substantial level of harm that could occur to us and our suppliers and customers were we to suffer impacts of a material cybersecurity incident and our use of third-party products, services and components requires us to maintain robust governance and oversight of these risks and to implement mechanisms, technologies and processes designed to help us assess, identify, and eliminate these risks. While we have not, as of the date of this Annual Report, experienced a cybersecurity threat or incident that resulted in a material adverse impact to our business or operations, we cannot assure you that we will not experience such an incident in the future. Any cybersecurity incidents, whether or not successful, could result in our incurring additional costs related to, for example, rebuilding our internal systems, implementing additional threat protection measures, responding to regulatory inquiries or actions, paying damages or making payments to obtain access to our computer systems, or taking other remedial steps with respect to third parties, as well as incurring significant reputational harm. We have seen an increase in cyberattack volume, frequency, and sophistication. We seek to detect and investigate unauthorized attempts and attacks against our network, products, and services, and to prevent their occurrence and recurrence where practicable through changes or updates to our internal processes and tools and changes or updates to our products and services however, we remain potentially vulnerable to known or unknown threats. In some instances, we, our suppliers, our customers, and the users of our products and services can be unaware of a threat or incident or its magnitude and effects. Further, there are increasing regulation requirements regarding responses to cybersecurity incidents, including reporting to regulators, which could subject us to additional liability and reputational harm. 44 Governance Following these risk assessments, we evaluate whether and how to re-design, implement, and maintain reasonable safeguards to mitigate identified risks and reasonably address any identified gaps in existing safeguards. Our IT leadership reports to our Chief Executive Officer (CEO) periodically and on an as-needed basis to manage our risk assessment and mitigation process. We monitor and test our safeguards and regularly conduct training for our employees on these safeguards, in collaboration with human resources, IT, and management. We are committed to promoting a company-wide culture of cybersecurity risk management. We have not encountered cybersecurity risks, threats or incidents that have materially affected or are reasonably likely to materially affect the Company, our business strategy, results of operations, or financial condition during the financial year ended December 31, 2023.

Company Information