BION ENVIRONMENTAL TECHNOLOGIES INC 10-K Cybersecurity GRC - 2024-09-30

Page last updated on October 1, 2024

BION ENVIRONMENTAL TECHNOLOGIES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-30 16:36:46 EDT.

Filings

10-K filed on 2024-09-30

BION ENVIRONMENTAL TECHNOLOGIES INC filed a 10-K at 2024-09-30 16:36:46 EDT
Accession Number: 0001553350-24-000141

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. We face cybersecurity risks as a result of the variety of networks and systems we must defend against cybersecurity attacks; and the level of harm that could occur if we suffer impacts of a material cybersecurity incident. We are committed to robust oversight of these risks and implementing mechanisms, controls, technologies, and processes designed to help us assess, identify, and manage these risks. In the year ended December 31, 2023, we did not experience a material “cybersecurity incident” as such term is defined in Item 106(a) of Regulation S-K. However, we have experienced two such material breaches in the past (see Form 10-K for the year ended 2023) and there can be no guarantee that we will not experience such incidents in the future. Such incidents could result in us incurring significant costs related to implementing threat protection measures, and the possibility of such incidents could result in additional costs in defending against litigation, responding to regulatory inquiries or actions, paying damages, or taking other remedial steps with respect to third parties, as well as incurring significant reputational harm. Further, cybersecurity threats are constantly evolving, increasing the difficulty of successfully defending against them or implementing adequate preventative measures. While we seek to detect and investigate unauthorized attempts and attacks against our network and to prevent their occurrence where practicable, we remain potentially vulnerable to known or unknown threats. In some instances, we may be unaware of a threat or incident or its magnitude and effects for some time. Further, there is increasing regulation regarding responses to cybersecurity incidents, including reporting to regulators, which could subject us to additional liability and reputational harm. See “Item 1A. Risk Factors” of this Annual Report for more information on our cybersecurity risks and product vulnerability risks. We incorporate industry best practices throughout our cybersecurity program to the extent practicable for a company of our size and resources. New leadership is committed to improving our cybersecurity strategy, with the goal of enhancing controls, technologies, and other processes to assess, identify, and manage material cybersecurity risks. Our cybersecurity program will be aligned with applicable industry standards and maintained by a third-party technology firm. The third-party firm has processes in place to assess, identify, manage, and address material cybersecurity threats and incidents. These include, among other things, annual and ongoing security awareness advice for employees; mechanisms to detect and monitor unusual network activity; and containment and incident response tools. Our third-party IT/ cybersecurity firm reports to our Chief Executive Officer (“CEO”). The third-party firm is informed about and monitors prevention, detection, mitigation, and remediation efforts through regular communication and reporting from professionals within its team and through the use of technological tools and software. Our CEO reports directly to the Board of Directors on our cybersecurity program and efforts to prevent, detect, mitigate, and remediate issues. Cybersecurity reviews by the Board of Directors will occur at least annually, or more frequently as determined to be necessary or advisable.

Company Information