Beneficient 10-K Cybersecurity GRC - 2024-07-09

Page last updated on July 16, 2024

Beneficient reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-07-09 17:23:11 EDT.

Filings

10-K filed on 2024-07-09

Beneficient filed a 10-K at 2024-07-09 17:23:11 EDT
Accession Number: 0001775734-24-000029

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C - CYBERSECURITY Cybersecurity Risk Management and Strategy We recognize the critical importance of developing, implementing, and maintaining robust cybersecurity measures to help maintain the security, confidentiality, integrity, and availability of our business systems and confidential information, including personal information and intellectual property. We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats. This includes processes to oversee and identify material risks from cybersecurity threats associated with our use of third-party service providers and maintaining a cyber incident response plan designed to assist us in identifying, responding to and recovering from cybersecurity incidents. We utilize third parties to assess the effectiveness of our cybersecurity program on a periodic basis. This includes cybersecurity assessors and cybersecurity experts to assist in the identification, verification, and validation of material risks from cybersecurity threats, as well as to support associated mitigation plans when necessary. We have integrated these cybersecurity processes into our overall risk management framework, systems, and processes. We routinely assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein. We conduct a regular cybersecurity risk assessment process through our Chief Technology Officer and dedicated information security team which reports to our management-level information technology steering committee, which is a subset of our management-level enterprise risk committee. These committees meet at least quarterly to discuss and evaluate risks that could be material to our business, including cybersecurity threats. This management-level enterprise risk committee is comprised of key leadership across the Company, including our Chief Executive Officer, Chief Financial Officer, Chief Underwriting Officer, President & Chief Fiduciary Officer, and General Counsel . As part of our overall risk management system, our dedicated information security team monitors and tests our cybersecurity policies and procedures through methods such as periodic reviews, targeted assessments, and tabletop exercises. All personnel are made aware of our cybersecurity policies and procedures upon hire and through periodic refresher trainings. Such policies and procedures cover areas such as identity and access management, vendor management, data governance and protection, vulnerability management, incident response, and operational risk management. Our cybersecurity policies and procedures are also incorporated into our broader risk management framework such that all enterprise and operational risks are evaluated in a holistic manner. We have not experienced any cybersecurity incidents that have materially impacted or are likely to materially impact our business strategy, results of operations, or financial condition based on information known to us as of the date of this Annual Report on Form 10-K. Although we cannot eliminate all potential threats, our cybersecurity program is operated in a manner to minimize the likelihood of any threat becoming material and to keep pace with a constantly evolving cybersecurity landscape. For additional description of cybersecurity risks and potential related impacts on the Company, refer to the risk factor captioned " Any cybersecurity attack or other security breach of our technology systems, or those of third-party vendors we rely on, could subject us to significant liability and harm our business operations and reputation " in “Item 1A. Risk Factors.” Cybersecurity Governance Our management is responsible for the day-to-day oversight and management of our enterprise risks, including risks from cybersecurity threats. As described in “Risk Management and Strategy” above, primary responsibility for assessing, monitoring, and managing our cybersecurity risks rests with our Chief Technology Officer and dedicated information security team, who develop, prioritize, and execute our cybersecurity strategy in partnership with relevant departments and business units. Our Chief Technology Officer, who has over 20 years of information technology experience including cybersecurity and information security, oversees our cybersecurity framework and reports to our management-level information technology steering subcommittee and management-level enterprise risk management committee. Our Chief Technology Officer is assisted in this oversight role by additional members of management. Our Board, as a whole and as assisted by Board-level Enterprise Risk Committee, has responsibility for the oversight of our cybersecurity risk management framework. Consistent with this approach, our Board and Enterprise Risk Committee maintain oversight of cybersecurity matters through discussions with management, question and answer sessions, and reports from the management team, which generally occur on a quarterly basis and ad hoc as needed. Such reports include updates on any cybersecurity incidents and mitigation efforts. Our Board and our Enterprise Risk Committee also receive regular and ad hoc reports from our management-level enterprise risk committee on all enterprise risks, including risks from cybersecurity threats. Our Audit Committee provides additional oversight on our cybersecurity risk management framework, with an emphasis on public reporting obligations and the effects cybersecurity risks could have on our financial condition generally.

Company Information