NETSOL TECHNOLOGIES INC 10-K Cybersecurity GRC - 2024-09-30

Page last updated on October 1, 2024

NETSOL TECHNOLOGIES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-30 14:11:19 EDT.

Filings

10-K filed on 2024-09-30

NETSOL TECHNOLOGIES INC filed a 10-K at 2024-09-30 14:11:19 EDT
Accession Number: 0001493152-24-038751

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C - CYBERSECURITY Cybersecurity Risk Management and Strategy We face various cyber risks, including, but not limited to, risks related to unauthorized access, misuse, data theft, computer viruses, system disruptions, ransomware, malicious software and other intrusions. We utilize a multilayered, proactive approach to identify, evaluate, mitigate and prevent potential cyber and information security threats through our cybersecurity risk management program. Our cybersecurity risk management program is designed to identify, assess, prioritize and mitigate risks across the organization to enhance our resilience and support the achievement of our strategic objectives. This integrated approach helps ensure that cyber risks are not viewed in isolation, but are assessed, prioritized and managed in alignment with the Company’s operational, financial and strategic risks, assisting the Company in more effectively managing interdependencies among risks and enhancing risk mitigation strategies. We devote resources to protecting the security of our computer systems, software, networks and other technology assets. Our efforts are designed to adapt with the evolution of information security risks and appropriate best practices and include physical, administrative and technical safeguards. Our cybersecurity risk management program is designed to help coordinate the Company’s identification of response to and recovery from cybersecurity incidents across all consolidated entities. This includes rapid identification, assessment, investigation and remediation of incidents, as well as complying with applicable legal obligations, communicated promptly and effectively. Our internal audit team assesses the effectiveness of our internal controls relating to cybersecurity. Our management team also engages, at times when needed, certain outside advisors and consultants to assist in the identification, oversight, evaluation and management of cybersecurity risks, as well as to advise on specific topics. As part of our overall risk mitigation strategy, the Company also maintains cyber insurance coverage; however, such insurance may not be sufficient in type or amount to cover us against claims related to security breaches, cyberattacks and other related breaches. We have various processes and procedures in place to evaluate cybersecurity threats associated with third parties. We have not identified any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, performance, results of our operations, or financial condition. Cybersecurity Governance and Oversight The Company’s cybersecurity risk management program is supervised by our Senior Manager of Information Security (SMIS), who reports directly to the Company’s Chief Operating Officer (“COO”) in Pakistan. The SMIS and his team are responsible for leading enterprise-wide cybersecurity strategy, policy, standards, architecture and processes. Our current SMIS received his Bachelors in Computer Sciences and has over 20 years of cybersecurity experience, including relevant prior senior leadership experience at our companies. Furthermore, he has also achieved globally recognized information security certifications, including CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), CompTIA Security+, ISO 27001 Lead Auditor, CEH (Certified Ethical Hacker), CHFI (Computer Hacking Forensic Investigator), among others. The SMIS attends and is invited to all Company Cybersecurity Committee meetings, a cross-functional management committee that drives awareness, ownership and alignment across broad governance for effective cybersecurity risk management. The Cybersecurity Committee is composed of senior leaders from our legal, information technology, cybersecurity, and audit sections. Subject matter experts are also invited, as appropriate. The Cybersecurity Committee meets at least quarterly and has responsibility for oversight and validation of the Company’s cybersecurity strategic direction, risks and threats, priorities, and resource allocation. The SMIS and his team, as well as the Cybersecurity Committee, are informed about and monitor the prevention, detection, mitigation and remediation of cybersecurity incidents in accordance with the Company’s cyber incident response plan. The Board of Directors receives regular reports from the SMIS and Cybersecurity Committee on, among other things, the Company’s cyber risks and threats, the status of projects to strengths of the Company’s information security systems, assessments of the Company’s security program, insurance, and the emerging threat landscape. In accordance with our cyber incident response plan, the Cybersecurity committee s promptly informed by SMIS’s team of cybersecurity incidents that could adversely affect the Company or its information systems and is also regularly updated about incidents with lesser impact potential. The Board of Directors and Audit committee are informed of any incidents that could adversely affect the Company by the Cybersecurity committee and SMIS’s team. 13 In an effort to detect and defend against cyber threats, the Company annually provides its employees with various cybersecurity and data protection training programs. These programs cover timely and relevant topics, including social engineering, phishing, password protection, confidential data protection, asset use and mobile security, and educate employees on the importance of reporting all incidents promptly to the Company’s centrally managed cyber defense and security operations.

Company Information