Breeze Holdings Acquisition Corp. 10-K Cybersecurity GRC - 2024-04-24

Page last updated on April 25, 2024

Breeze Holdings Acquisition Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-24 20:29:14 EDT.

Filings

10-K filed on 2024-04-24

Breeze Holdings Acquisition Corp. filed an 10-K at 2024-04-24 20:29:14 EDT
Accession Number: 0001213900-24-035903

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY On July 26, 2023, the SEC adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy and governance. The final rules became effective 30 days following publication of the adopting release in the Federal Register. The Form 10-K disclosures are due beginning with annual reports for fiscal years ending on or after December 15, 2023. Our board of directors is generally responsible for the oversight of risks from cybersecurity threats, if any. Breeze maintains a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats as appropriate for a Special Purpose Acquisition Company ( SPAC ). Breeze s cybersecurity risk profile will significantly change upon completion of the pending Business Combination transaction with TV Ammo, Inc. described in Item 1. Business within this Report. The cyber risk management program will be re-evaluated upon the close of the Business Combination. Breeze has an annual assessment of the Company s cyber risk management program performed by a third-party specialist. The cyber risk management assessment incorporates recognized best practices and standards for cybersecurity and information technology of the National Institute of Standards and Technology Cybersecurity Framework. The annual risk assessment identifies, quantifies, and categorizes material cyber risks. In addition, the Company, in conjunction with the third-party cyber risk management specialists, develops a risk mitigation plan to address such risks, and where necessary, remediate potential vulnerabilities identified through the annual assessment process. Breeze employs additional measures within the cybersecurity risk management program including identity access management controls such as restricted access of privileged accounts, periodic reviews of user access, and segregation of duties and anti-malware/anti-virus tools. 50 Cybersecurity partners to the Company, including consultants are a key part of the Company s cybersecurity risk management strategy and infrastructure and provide services including, cyber risk advisory. Breeze partners with industry recognized cybersecurity providers leveraging third-party technology and expertise. Breeze currently does not have significant operations. The Company is focused on effecting an initial business combination with one or more businesses. Upon completion of the pending Business Combination with TV Ammo, Breeze will face risks from cybersecurity threats that could have a material adverse effect on its business, financial condition, results of operations, cash flows or reputation. Breeze acknowledges that the risk of a cyber incident is prevalent in the current threat landscape and that a future cyber incident may occur in the normal course of its business. No prior cybersecurity incidents have been identified by the Company. The Company proactively seeks to detect and investigate unauthorized attempts and attacks against Company IT assets and data, and to prevent their occurrence and recurrence where practicable, however, potential vulnerabilities to known or unknown threats will remain. Further, there is increasing regulation regarding responses to cybersecurity incidents, including reporting to regulators, investors, and additional stakeholders, which could subject us to additional liability and reputational harm. In response to such risks, the Company plans to implement initiatives such as implementation of the cybersecurity risk assessment process and development of an incident response plan. See Item 1A. Risk Factors for more information on cybersecurity risks.

Company Information