Superior Drilling Products, Inc. 10-K Cybersecurity GRC - 2024-03-15

Page last updated on July 16, 2024

Superior Drilling Products, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-15 16:54:43 EDT.

Filings

10-K filed on 2024-03-15

Superior Drilling Products, Inc. filed a 10-K at 2024-03-15 16:54:43 EDT
Accession Number: 0001493152-24-010123

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We face various cybersecurity threats that could adversely affect our business, financial condition, and results of operations. We have implemented processes and procedures to assess, identify, and manage these risks, as well as to respond to and mitigate the impact of any potential or actual cybersecurity incidents to our information systems and the information residing therein. Our processes for assessing and identifying cybersecurity risks include regular network security assessments, vulnerability scans, penetration tests, and audits of our information systems, as well as monitoring and analysis of network activity and threat intelligence. We engage third-party service providers to assist us with some of these activities. We also have processes to oversee and identify cybersecurity risks associated with our use of third-party service providers, such as conducting due diligence, reviewing contracts, and verifying compliance with security standards and best practices. Our cybersecurity risk management processes have been integrated into our enterprise risk framework, which identifies, aggregates, and evaluates risks across the enterprise. We identify our enterprise risks through each member of our management team, along with counsel from our internal auditors and attorneys and we present an assessment of our enterprise risks to our board of directors on an annual basis. Our information technology management plays an integral part in the identification and communication of cybersecurity risks to our management team. 24 Despite our efforts, there is the ever-present risk that our systems and/or data will suffer a successful cyber incident such as unauthorized access, use, disclosure, modification, or destruction by hackers, cybercriminals, state-sponsored actors, insiders, or other malicious actors. We have experienced attempts to compromise our systems and/or data. These attempts included phishing attacks, malware infections, and unauthorized access attempts. We do not believe that these attempts, if successful, would have resulted in a material adverse effect on our business, financial condition, or results of operations. We continue to be diligent in preventing, detecting, and responding to a cyber incident. However, we cannot guarantee that we will not suffer cybersecurity incidents in the future, which could result in: ● Loss of or damage to our data, intellectual property, or other proprietary or confidential information; ● Interruption or degradation of our operations, services, or systems availability; ● Compromise or corruption of our data or systems integrity; ● Reputational harm or loss of customer trust or confidence; ● Legal liability, regulatory fines, penalties, or sanctions; ● Remediation or mitigation costs, such as increased security expenditures, investigation expenses, or litigation fees; ● Increased insurance premiums or difficulty in obtaining adequate insurance coverage; or ● Other negative consequences. Any of these outcomes could have a material adverse effect on our business, financial condition, or results of operations.

Company Information