Page last updated on July 16, 2024
Conifer Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 16:46:53 EDT.
Filings
10-K filed on 2024-04-01
Conifer Holdings, Inc. filed a 10-K at 2024-04-01 16:46:53 EDT
Accession Number: 0000950170-24-039426
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
ITEM 1C. CYBERSECURITY Identifying, assessing and managing cybersecurity risks is an important component of Conifer’s overall enterprise risk management program. As with the management of risks generally, given our holding company structure, the management of cybersecurity risks involves coordination between the Company and its consolidated subsidiaries. The Company and each of its consolidated subsidiaries are responsible for developing a cybersecurity program appropriate for their respective businesses. The design of these cybersecurity programs is informed by the Center for Internet Security Critical Security Controls framework (“CISCSC”). This does not imply that these programs meet all specifications of CISCSC, but rather that we use them as a guide to help us identify, assess and manage cybersecurity risks relevant to our business. The cybersecurity programs developed by the Company and its consolidated subsidiaries include, among other things, (i) advanced threat protection and detection systems; (ii) vulnerability scanning and testing of network defenses; (iii) user authentication, role-based access, and privileged access management; (iv) data encryption, loss prevention, backup and recovery mechanisms; (v) employee training; (vi) disaster recovery testing and (vii) security assessments of third-party service providers. Our cybersecurity risk management program is part of our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents in the past three fiscal years, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. Cybersecurity Governance Our Board considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee oversight of cybersecurity and other information technology risks. The Audit Committee oversees management’s implementation of our cybersecurity risk management program. Our management team, including our Chief Information Officer, is responsible for assessing and managing our material risks from cybersecurity threats.
Company Information
Name | Conifer Holdings, Inc. |
CIK | 0001502292 |
SIC Description | Fire, Marine & Casualty Insurance |
Ticker | CNFR - NasdaqCNFRZ - Nasdaq |
Website | |
Category | Non-accelerated filer Smaller reporting company |
Fiscal Year End | December 30 |