Katapult Holdings, Inc. 10-K Cybersecurity GRC - 2024-04-24

Page last updated on April 24, 2024

Katapult Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-24 16:52:31 EDT.

Filings

10-K filed on 2024-04-24

Katapult Holdings, Inc. filed an 10-K at 2024-04-24 16:52:31 EDT
Accession Number: 0001628280-24-017691

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management At Katapult, cybersecurity risk management is an integral part of our overall enterprise risk management program and information security protocols. Our cybersecurity risk management program is based on industry best practices and CIS Critical Security Controls for handling cybersecurity threats and incidents, including threats and incidents associated with the use of internally developed applications and services provided by third-party service providers, and facilitate coordination across different departments of our company. This framework includes steps for assessing the severity of a cybersecurity threat, identifying the source of a cybersecurity threat including whether the cybersecurity threat is associated with a third-party service provider, implementing cybersecurity countermeasures and mitigation strategies and informing management and our board of directors of material cybersecurity threats and incidents. Our cybersecurity team also engages third-party security experts for risk assessment and system enhancements. In addition, our cybersecurity team provides training to all employees throughout the year. Our board of directors has overall oversight responsibility for our risk management, and delegates cybersecurity risk management oversight to the audit committee of the board of directors. The audit committee is responsible for ensuring that management has processes in place designed to identify and evaluate cybersecurity risks to which the company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. The audit committee also reports material cybersecurity risks to our full board of directors. Management is responsible for identifying, considering, and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining cybersecurity programs. Our cybersecurity programs are under the direction of our Chief Technology Officer, or CTO, who receives reports from our cybersecurity team and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our CTO and dedicated personnel are certified and experienced information systems security professionals and information security managers with over 15 years of experience and are certified information systems security professionals. Management, including the CTO and our cybersecurity team, regularly update the audit committee on the company s cybersecurity programs, material cybersecurity risks and mitigation strategies and provide cybersecurity reports quarterly that cover, among other topics, third-party assessments of the company s cybersecurity programs, developments in cybersecurity, learning and training activities and updates to the company s cybersecurity programs and mitigation strategies. Despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident. For more information about these risks, please see Risk Factors Risks Relating to Our Technology and Our Platform in this annual report on Form 10-K. 46

Company Information