Unique Logistics International, Inc. 10-K Cybersecurity GRC - 2024-10-17

Page last updated on October 17, 2024

Unique Logistics International, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-10-17 17:23:36 EDT.

Filings

10-K filed on 2024-10-17

Unique Logistics International, Inc. filed a 10-K at 2024-10-17 17:23:36 EDT
Accession Number: 0001493152-24-041450

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. From time to time, the Company is subject to attempted cyber-attacks and other cybersecurity risks. The nature of our business requires that we store and exchange electronically with appropriate parties and systems personally identifiable information that may be targeted in an attempted cybersecurity breach. In addition, our business is heavily reliant on various information technology and application systems that may be impacted by a malicious cyber-attack. These cyber incidents may cause lost revenues or increased expenses stemming from reputational damage and fines related to breach of personally identifiable information, inability to use certain systems for a period of time, loss of financial assets, remediation and litigation costs and increased cybersecurity protection costs. We have developed and continue to invest in a variety of controls to prevent, detect and appropriately react to such cyber-attacks including periodically testing our systems’ security and access controls. However, cybersecurity risks continue to become more complex and broad ranging, and our internal controls provide only a reasonable, not absolute, assurance that we will be able to protect ourselves from significant cyber-attack incidents. By outsourcing certain business and administrative functions to third parties, we may be exposed to an enhanced risk of data security breaches. Any breach of data security could damage our reputation and/or result in monetary damages, which, in turn, could have a material adverse effect on the Company’s results of operations, liquidity and financial condition. The Company maintains an Enterprise Risk Management (“ERM”) program, which includes processes for key risk identification, mitigation efforts, and day-to-day management of risks, including cybersecurity risks. The ERM program is administered by our risk management committee, consisting of the Company’s Chief Executive Officer, Chief Financial Officer, and Vice President, Compliance & Risk Management, and involves our outsourced global cybersecurity team, which possesses significant knowledge and expertise in cybersecurity risks. Our global cybersecurity team ensures that the cybersecurity risks identified through the ERM program are incorporated into our overall cybersecurity program. We have put into place programs to address key cybersecurity risks including layered coverage with focus areas and practices designed to address network and endpoint security, application security, and security operations. We have processes in place to oversee and identify risks from cybersecurity threats associated with the use of third-party technology including third-party risk management, process and partner intake risk assessments, and dedicated procurement functions. These processes help mitigate the risks associated with utilizing external technology platforms and help prevent disruptions to our business operations. We consistently involve our external cybersecurity experts to assess our cybersecurity program, risk management, and relevant internal controls. Although we have not experienced a material cyber-attack, we maintain insurance coverage to specifically address cybersecurity risks. The coverage provides protection up to $1 million above a deductible of $50,000 for various cybersecurity risks including liability, business interruptions, cybercrimes and privacy breach related incidents. Our business continuity program follows industry standards for disaster recovery practices. Our program includes multiple components that act as an additional line of defense among them are regular functional recovery and tabletop exercises; cybersecurity exercises; protected backups for critical data; recovery time objectives; and recovery point objectives including achievability metrics, application criticality, program audit and maintenance, awareness and training, business impact analysis, and risk evaluation and controls. Cybersecurity Governance The Board of Directors is tasked with oversight of the Company’s cybersecurity, information governance, and privacy programs. All tasks related to assessing and managing the Company’s material risks from cybersecurity threats are delegated to the risk management committee that oversees our ERM program, which includes cyber-related risk items. In addition, our risk management committee receives quarterly reports on cybersecurity from our global cybersecurity team that has experience and expertise supporting mitigation of the potential cybersecurity threats facing our organization and vulnerabilities facing our technology infrastructure and potential cybersecurity threats. All members of our management team have been provided sufficient training to obtain an understanding of cybersecurity risks and exposures. The management team is actively promoting the Company’s cybersecurity policies and procedures, and leading discussions and mitigations of cybersecurity risks in the areas of their responsibilities.

Company Information