AtlasClear Holdings, Inc. 10-K Cybersecurity GRC - 2024-10-15

Page last updated on October 16, 2024

AtlasClear Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-10-15 17:48:02 EDT.

Filings

10-K filed on 2024-10-15

AtlasClear Holdings, Inc. filed a 10-K at 2024-10-15 17:48:02 EDT
Accession Number: 0001410578-24-001681

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Board of Directors Oversight Our board of directors, as a whole and through its committees, holds oversight responsibility for our risk management processes, including risks from cybersecurity threats. Our board of directors exercises its oversight function through the audit committee, which oversees the management of risk exposure across various areas, including cybersecurity risk. The audit committee is comprised of board members with diverse expertise including risk management and technology, which we believe enables the board to oversee cybersecurity risks. Management’s Role Our management is responsible for day-to-day administration and management of our cybersecurity program and for informing the audit committee of cybersecurity risks. We may also work with external security service providers to support our security monitoring and threat detection capabilities. Primary responsibility for assessing, monitoring and managing our cybersecurity risks rests with our information technology team overseen by the Executive Chairman. With over twenty-five years of technology development experience in the financial services industry, our Executive Chairman is familiar with our technology infrastructure and risk profile. Our information technology team tests our infrastructure for known cybersecurity risks and leads our employee training program on matters related to cybersecurity. The Executive Chairman and information technology team seek to implement and oversee processes for monitoring our information systems. This includes the deployment of advanced security measures and system audits to identify potential vulnerabilities. If a potential breach is identified, it is raised to the attention of senior management to help mitigate any further vulnerabilities. Cybersecurity Risk Management and Strategy The goal of our cybersecurity program is to establish processes for identification, assessment, and management of cybersecurity risks. We conduct periodic risk assessments, including with support from external vendors, if needed, to assess our cyber program, identify potential areas of enhancement, and develop strategies for the mitigation of cyber risks. We also conduct security testing and have established a vulnerability detection process, supported by security testing, that is designed to address the treatment of identified security risks based on severity. Our risk assessments include, but are not limited to: Interfaces Storage security Applications Hardware security Data Remote access security IT architecture Information flow Risks from Cybersecurity Threats Some potential cybersecurity threats include, but are not limited to: ● Human errors or sabotage : Company employees or a third-party having access to the system could cause errors or allow for sabotage that may cause company losses. Our procedures seek to identify the risks that can be caused by human error or intent and includes processes to mitigate with a particular focus on training employees to avoid human errors. ● Data leaks : Data leaks could result in a breach of our privacy policies for customers sensitive data, resulting in potential regulatory violations or commercial litigation. Our processes aim to restrict access and monitor for leaks of internal and/or external data. ● Unauthorized access : Unauthorized access could be due to password theft, malware attacks, employee involvement, or hackers. Preventing unauthorized access is a top priority within our cybersecurity protocols. ● Natural or man-made disasters : Data can be threatened by natural or human disasters. Lightning strikes, fire, floods, hurricanes, bombings, etc. Without proper data backup, all company data could be compromised in one incident. Backups, co-location of servers and data is regularly monitored and adjusted as needed with a goal of insulating the Company from this type of risk. ● Failed system : Our cybersecurity policies contemplate enterprise system failures due to cyber-attacks, network connections, hardware challenges, bottleneck problems and other issues. We seek to mitigate these potential vulnerabilities through monitoring and redundancy. We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition; however, like other companies in our industry, we and our third-party vendors may, from time to time, experience threats and security incidents relating to our and our third-party vendors’ information systems. For more information about the cybersecurity risks we face, see " Increased cybersecurity requirements, vulnerabilities, threats, and more sophisticated and targeted computer crime could pose a risk to our systems, networks, products, services, and data " in “Risk Factors” in Part I, Item 1A of this Annual Report on Form 10-KT.

Company Information