PIONEER POWER SOLUTIONS, INC. 10-K Cybersecurity GRC - 2024-07-26

Page last updated on July 26, 2024

PIONEER POWER SOLUTIONS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-07-26 16:59:48 EDT.

Filings

10-K filed on 2024-07-26

PIONEER POWER SOLUTIONS, INC. filed a 10-K at 2024-07-26 16:59:48 EDT
Accession Number: 0001493152-24-029269

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We operate in the industrial sector, which is subject to various cybersecurity risks that could adversely affect our business, financial condition, and results of operations, including intellectual property theft; fraud; extortion; harm to employees or customers; violation of privacy laws and other litigation and legal risk; and reputational risk. We recognize the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. We currently have security measures in place to protect our employees, customers, and corporate data and prevent data loss and other security breaches, including a cybersecurity risk assessment program. Both management and our board of directors are actively involved in the continuous assessment of risks from cybersecurity threats, including prevention, mitigation, detection, and remediation of cybersecurity incidents. Our current cybersecurity risk assessment program consists of not only real-time monitoring of things from patching policies to mandatory multi-factor authentication, but also policies in place for encryption of data both in transmission and at rest. The program outlines governance, policies and procedures, and technology we use to oversee and identify risks from cybersecurity threats and is informed by previous cybersecurity incidents we have observed in our company, in our industry, and as reported by our cybersecurity partner CCS Business Solutions, Inc. 17 Management, along with CCS Business Solutions, Inc., are responsible for day-to-day assessment and management of risks from cybersecurity threats, including the prevention, mitigation, detection, and remediation of cybersecurity incidents. The individuals currently serving in these roles are the Chief Financial Officer as the representative of our management, and the CEO of CCS Business Solutions, Inc. The CEO of CCS Business Solutions, Inc. has over 20 years of experience in the technology industry, with most of that experience being specifically in cybersecurity. He also has formal education with a degree in Computer Science with a concentration in Artificial Intelligence, mainly involving self-learning algorithms. The board of directors is responsible for oversight of risks from cybersecurity threats in conjunction with our senior management team and CCS Business Solutions, Inc. This includes receiving reports and updates from our outside partner CCS Business Solutions, Inc. with respect to the management of risks from cybersecurity threats. Such reports cover our information technology security program, including its current status, capabilities, objectives and plans, as well as the evolving cybersecurity threat landscape. Additionally, the board of directors considers risks from cybersecurity threats as part of its oversight of our business strategy and risk management. We routinely undertake activities to prevent, detect, and minimize the effects of cybersecurity incidents, including assessments of our data access in the form of user audits, real-time monitoring of risk on a per system level as it pertains to AV completeness, system vulnerabilities, and third-party patching. In addition to this, we actively monitor and practice disaster recovery and business continuity plans in the event that any risk is able to circumvent the controls we have in place. We leverage the advice of third-party consultants and auditors to help us assess and identify risks from cybersecurity threats, including the threat of a cybersecurity incident, and manage our risk assessment program. Among other things, these providers perform a an audit of the datacenter from the top down annually, to ensure that controls are effective, still implemented to the fullest, and are meeting industry standards. We also have policies and procedures to oversee and identify the risks from cybersecurity threats associated with our use of third-party service providers. Our core third-party service provider in the technology space is audited yearly through our Sarbanes Oxley process, providing line-of sight to their internal operations along with their SSAE-16 certification. To date, no cybersecurity incident (or aggregation of incidents) or cybersecurity threat has materially affected our results of operations or financial condition. However, an actual or perceived breach of our security could damage our reputation, or subject us to third-party lawsuits, regulatory fines or other actions or liabilities, any of which could adversely affect our business, operating results or financial condition. It is for this reason we are constantly reevaluating our cybersecurity stance, posturing against industry standards to try and effectively mitigate our risk. We currently maintain a cyber liability insurance policy. However, our cyber liability insurance may be inadequate or may not be available in the future on acceptable terms, or at all. In addition, our cyber liability insurance policy may not cover all claims made against us, and defending a suit, regardless of its merit, could be costly and divert management’s attention from our business and operations.

Company Information