Aeries Technology, Inc. 10-K Cybersecurity GRC - 2024-09-27

Page last updated on September 27, 2024

Aeries Technology, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-27 17:00:51 EDT.

Filings

10-K filed on 2024-09-27

Aeries Technology, Inc. filed a 10-K at 2024-09-27 17:00:51 EDT
Accession Number: 0001829126-24-006527

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cyber Security Risk Management and Strategy The Company’s risk management program includes governance through the cybersecurity committee, consisting of senior executive management team along with legal and other key holders. Our Enterprise Risk Management lead is tasked with integrating any cybersecurity risk considerations into overall risk management strategy. Risk management includes regular risk assessments to identify internal and external risks and to evaluate the magnitude of harm that could arise out of such risks. Further, risk management may utilize third party service providers where complementary and supplementary to the Company’s overall business strategy. Lastly, risk management includes training and education over the continuously evolving landscape of cybersecurity threats. We engage external parties, including consultants, independent privacy assessors, computer security firms, training service providers and risk management and governance experts, to enhance our cybersecurity oversight. For example, we have engaged an outside consulting firm with expertise in the field to help us assess our systems, monitor risk and implement best practices and to support the internal audit of our cyber security programs and we regularly consult with industry groups on emerging industry trends. In addition, as part of our overall risk mitigation strategy, we maintain cyber insurance coverage. Our cybersecurity policies, standards and procedures include cyber and data breach response plans, which are periodically assessed against the ISO 27001, National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), and other relevant standards. Material effects of cybersecurity threats Although cybersecurity risks have the potential to affect the business, financial condition, and results of operations, we do not believe that risks from attacks, including results from any previous cybersecurity incidents or threats, have materially affected or likely to materially affect our strategy, operations or financial condition. However, no matter how well controls or designed or how well cybersecurity risk management procedures are implemented, there can be no full assurance given that risk remains of an incident that could cause material harm to the business. See " Our business relies heavily on owned and third-party technology and computer systems, which subjects us to various uncertainties " in the section entitled " Risk Factors “. Governance and Management Our board of directors addresses our cybersecurity risk management as part of its general oversight function. As part of the Board’s oversight, the Board will receive a report at least annually from our cybersecurity committee, covering updates on our cybersecurity risks and threats, the status of projects intended to strengthen our information security systems, assessments of the cybersecurity program, and the emerging threat landscape. Our cybersecurity committee plays an active role by meeting periodically to review the status of the Company’s cyber security program and roadmap for new cybersecurity risk management initiatives. The committee oversees cybersecurity risk management by evaluating whether management has robust cybersecurity policies and procedures, regularly assessing and monitoring cybersecurity risks, and receiving regular reports on the Company’s cybersecurity posture. The Cybersecurity Committee holds monthly review meetings, to discuss the status of the Company’s Cybersecurity posture, plans and projects underway, and to discuss any changes in existing policies and procedures. Our cybersecurity risk management processes are devised, implemented and assessed quarterly by our Cybersecurity lead, Enterprise Risk Management lead and Head of IT Strategy and Solutions. Our leads have extensive experience in cybersecurity and information technology, and based on their careers, have a deep understanding of our information technology and business needs. Our leads report to the cybersecurity committee monthly regarding emerging risks and the overall cybersecurity environment and immediately when a cybersecurity incident occurs. Our IT heads and Cybersecurity lead closely monitor cybersecurity risks, including our practices and procedures against the cybersecurity environment, including the operation of our incident response plan. Our cybersecurity program is designed to ensure the confidentiality, integrity, and availability of data and systems as well as to ensure timely identification of and response to any incidents. This design is geared toward supporting our business objectives and the needs of our valued customers, employees, and other stakeholders. We strongly believe that cybersecurity is a collective responsibility that extends to every employee, and we prioritize it as an ongoing objective. To increase our employees’ awareness of cyber threats, we provide education and share best practices through a security awareness training program. This includes receiving quarterly exercises, cyber-event simulations, training programs and incorporating our Technology Acceptable Use Policy into onboarding and training materials. 40

Company Information