SIEBERT FINANCIAL CORP 10-K Cybersecurity GRC - 2024-05-10

Page last updated on July 16, 2024

SIEBERT FINANCIAL CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-05-10 16:26:17 EDT.


10-K filed on 2024-05-10

SIEBERT FINANCIAL CORP filed a 10-K at 2024-05-10 16:26:17 EDT
Accession Number: 0001213900-24-041746


Item 1C. Cybersecurity.

Cybersecurity presents significant challenges to the business community in general, as well as to the financial services industry. Increasingly, bad actors, both domestically and internationally, attempt to steal personal data and/or interrupt the normal functioning of businesses through accessing individuals’ and companies’ files and equipment connected to the internet. Recently, intruders have become increasingly sophisticated and use deceptive methods to steal funds and personally identifiable information which they either take for their own purposes, release to the internet, or hold for ransom. Regulators are increasingly requiring companies to provide more advanced levels of cybersecurity measures.

Our cybersecurity program aims to identify, manage, and mitigate cybersecurity risks - both internal and client-facing. We continue to maintain systems and ongoing planning measures to minimize the disruption of our services to clients as well as to prevent the loss of data concerning our clients, their financial affairs, and company-privileged information from cybersecurity incidents.

Cybersecurity Risk Management & Strategy

We utilize the widely recognized National Institute of Standards and Technology (“NIST”) Cybersecurity Framework (“CSF”) as the foundation of our cybersecurity program, with strategic direction aligned to the following core functions:

● Identify: We continuously assess our systems, data, and vulnerabilities to understand our cybersecurity risk profile. We enlist third-party cybersecurity consultants and vendors to support our cybersecurity efforts, tapping into their specialized knowledge and insights to assess and test the effectiveness of our cybersecurity program and to inform decision-making on detection and the deployment of defense measures, commensurate with our risk profile.

As part of our Vendor Risk Management program, we periodically examine our third-party providers’ and vendors’ risks by reviewing the content and enforcement of their cybersecurity standards, policies, and procedures. We also employ real-time monitoring to detect suspicious activity in order to minimize risks associated with data breaches or other security incidents that may arise from third-party sources or insider threats.

Siebert 2023 Form-10K 16

● Protect: We implement technical safeguards, including access controls, data encryption, network security, endpoint protection, and regular vulnerability patching. Our employee training and awareness programs are designed to improve cybersecurity awareness throughout the organization, and we are committed to educating our employees on security best practices coupled with industry-relevant context such as anti-money laundering, social engineering, and fraud.

● Detect: We employ automated monitoring tools and operational procedures for timely detection of anomalies, cybersecurity events, and potential cybersecurity incidents.

● Respond: We have a Security Incident Response Plan, supported by operational procedures, to help guide response teams to prioritize and execute containment, investigation, eradication, and communication for confirmed cybersecurity incidents or breaches.

● Recover: Our Business Continuity & Disaster Recovery Plan is in place to enable response to significant business disruptions and timely restoration of systems, data, and business operations following confirmed cybersecurity incidents or disaster scenarios.

We also incorporate industry-relevant context and emphasize security considerations beyond the core NIST CSF functions:

● Regulatory Compliance: We integrate cybersecurity controls that address requirements of FINRA, SEC, and other relevant regulatory bodies.

● Financial Transaction Security: We employ specific fraud detection and prevention measures to protect client funds and trading operations.

● Market Integrity: We strive to safeguard systems and data that contribute to fair and efficient markets.

However, this does not mean that we meet any particular technical standards, specifications, or requirements, but only that we use the NIST CSF as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business.

Our cybersecurity program is integrated into our overall risk management process by providing periodic updates to certain members of the management team, which in turn regularly provide updates to our Board of Directors.

As of the filing of this Report, we are not aware of any cybersecurity incidents that have occurred since the beginning of 2023 that have materially affected, or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. We acknowledge that we cannot eliminate all security risks within our organization, and we cannot guarantee that any undetected cybersecurity incidents have occurred. For additional information about these risks, see Part I, Item 1A - Risk Factors of this Report.

Cybersecurity Governance

The management and assessment of cybersecurity risks and related risk management processes are handled primarily by our Chief Information Security Officer (“CISO”), whose experience includes approximately 25 years of cybersecurity experience leading and building cybersecurity programs for global Fortune 500 companies. Our CISO’s extensive cybersecurity background is supplemented with industry-leading certifications and credentials such as Cisco’s CCIE Security, Palo Alto Networks (PNCSE, PCDRA, PSE), Juniper Networks (JNCIS), and Checkpoint (CCSE) specializations on Endpoint Detection and Security Architecture.

Our Chief Technology Officer (“CTO”), whose experience includes approximately 25 years of managing technology strategy and programs at public financial services organizations, also has key responsibilities and input into the management of our cybersecurity risks from a technology perspective.

In order to monitor the prevention, detection, mitigation and remediation of cybersecurity incidents, our CISO, CTO, and respective technology and operations teams monitor the cybersecurity threat landscape, plan and implement security controls, and detect and respond to cybersecurity threats and incidents using a combination of security tooling, automated systems, and manual processes.

Our Board of Directors, through its Audit Committee, oversees the cybersecurity risk management program. The Board of Directors and the Audit Committee are informed about risks from cybersecurity threats through periodic updates and reports provided by management. The periodic updates include briefing materials on our security posture, emerging cybersecurity threats and risks, cybersecurity incident response planning, significant cybersecurity incidents and breaches, and cybersecurity-related matters involving third parties or vendors.

Company Information

SIC Description: Security Brokers, Dealers & Flotation Companies
Ticker: SIEB - Nasdaq
Category: Non-accelerated filer; Smaller reporting company
Fiscal Year End: December 30