SPECTRAL CAPITAL Corp 10-K Cybersecurity GRC - 2025-06-23

Page last updated on June 24, 2025

SPECTRAL CAPITAL Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-06-23 20:16:47 EDT.

Filings

10-K filed on 2025-06-23

SPECTRAL CAPITAL Corp filed a 10-K at 2025-06-23 20:16:47 EDT
Accession Number: 0001096906-25-001012

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY Spectral maintains a comprehensive cybersecurity risk management program designed to identify, protect against, detect, respond to, and mitigate reasonably foreseeable cybersecurity threats to the Company’s operations. This program incorporates internal controls and safeguards aligned with industry standards - including access controls, data encryption, network monitoring, and employee cybersecurity training - to protect the confidentiality, integrity, and availability of the Company’s information assets. We utilize a range of security tools and procedures to continuously monitor our systems and prevent unauthorized access or data loss. In addition, the Company has implemented a formal incident response plan that outlines procedures for promptly addressing and containing cybersecurity incidents. This incident response plan is tested and updated periodically (e.g., through tabletop simulations and third-party penetration testing) to ensure preparedness and effective remediation of any identified security events. Oversight and Governance: Cybersecurity risk management is overseen at the highest levels of the Company’s leadership. The Board of Directors, through its Audit Committee, is responsible for monitoring the Company’s cybersecurity risks and related risk management practices. The Audit Committee receives regular reports from management on cybersecurity matters, including updates on risk assessments, security improvements, and any relevant threat developments or incidents. Senior management has designated personnel (including information technology and security officers) to manage day-to-day cybersecurity operations and to implement cybersecurity policies, controls, and procedures. These personnel regularly brief the Audit Committee and the Board on the status of the Company’s cybersecurity posture and risk mitigation activities. The Company also provides periodic cybersecurity training to all employees to reinforce security awareness and protocol compliance as part of its internal control framework. 16 Risk Management Processes: Spectral conducts regular assessments of cybersecurity vulnerabilities and emerging threats across its systems and products. Our risk management approach draws on widely accepted frameworks (such as the NIST Cybersecurity Framework) to prioritize risks and guide the implementation of appropriate security measures. We engage independent security experts to perform evaluations of our cybersecurity program - including periodic third-party security audits and penetration testing - in order to test the effectiveness of our safeguards and to identify areas for improvement. Additionally, the Company maintains a third-party risk management program that assesses and monitors the cybersecurity practices of critical vendors and partners, helping ensure that our service providers uphold robust data security standards. Findings from these ongoing risk assessments and tests are used to continually enhance our internal controls and cybersecurity defenses. As of the date of this Annual Report, the Company has not experienced any known cybersecurity incidents that had a material effect on our business, operations, or financial condition. During the reporting period, no cybersecurity breach or attack has been identified that resulted in significant data loss, financial costs, or operational disruptions for Spectral. Nevertheless, cybersecurity threats continue to evolve rapidly, and no security program can guarantee absolute protection against all attacks. A significant cybersecurity incident in the future could potentially cause substantial harm to the Company, including business interruptions, remediation costs, reputational damage, loss of sensitive information, or legal and regulatory consequences. Spectral remains proactive in updating and strengthening its cybersecurity measures in light of new threats and technological changes. For further information on the risks associated with cybersecurity and data protection, refer to the “Risk Factors” section of this Annual Report (Item 1A) which discusses these risks in more detail.

Company Information