HARBOR DIVERSIFIED, INC. 10-K Cybersecurity GRC - 2024-10-24

Page last updated on October 24, 2024

HARBOR DIVERSIFIED, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-10-24 17:40:51 EDT.

Filings

10-K filed on 2024-10-24

HARBOR DIVERSIFIED, INC. filed a 10-K at 2024-10-24 17:40:51 EDT
Accession Number: 0000899394-24-000006

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy Air Wisconsin’s approach to mitigating information technology (“IT”) and cybersecurity risk is comprised of a range of activities with the primary objective of maintaining the confidentiality, integrity and availability of its critical IT Systems and information related to its business. Although IT Systems are inherently vulnerable to interruption due to a variety of sources, Air Wisconsin has aligned its cybersecurity risk management program, including our processes and controls, with certain applicable and relevant guidelines, including the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). Air Wisconsin assesses its cybersecurity maturity against the NIST CSF’s core functions; however, this does not imply that it meets any particular technical standards, specifications or requirements, only that it uses the NIST CSF as a guide to help it identify, assess and manage cybersecurity risks relevant to its business. Air Wisconsin’s cybersecurity risk management processes include a cybersecurity incident response plan, and it has invested in technical and organizational safeguards intended to manage and mitigate material risks from cybersecurity threats to its IT Systems, including network security controls, employee training, internal vetting of third-party vendors and service providers with whom Air Wisconsin may share data, and regular system reviews and security exercises. Air Wisconsin’s cybersecurity risk management program is a component of its overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas. Air Wisconsin works closely with accredited third-party cybersecurity firms to audit its security architecture. Air Wisconsin’s Information Security Team, consisting of experienced cybersecurity professionals, is responsible for the day-to-day management of our cybersecurity risks, including directing its cybersecurity risk assessment processes, its security processes, and its response to cybersecurity incidents. For the year ended December 31, 2023, Air Wisconsin has not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have or are reasonably likely to materially affect it, including its operations or business strategy or our results of operations or financial condition. Air Wisconsin faces certain ongoing risks from cybersecurity threats that, if realized, could materially adversely affect it, including its operations or business strategy or our results of operations or financial condition. Cybersecurity Governance The Company considers cybersecurity risk as critical to the enterprise and delegates the cybersecurity risk oversight function to Air Wisconsin. Certain individuals within Air Wisconsin, including its Chief Financial Officer and Vice President of Information Technology (“IT Management”) oversee the design, implementation and enforcement of our cybersecurity risk management program, including a cybersecurity policies and procedures manual. IT Management is supported by Air Wisconsin internal security staff and external experts as part of its continuing education on topics that impact public companies. Air Wisconsin’s Vice President of Information Technology has more than 15 years of experience managing and leading IT and cybersecurity teams. IT Management is responsible for efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, and alerts and reports produced by security tools deployed in the IT environment. In the event of a breach or incident, the cybersecurity policies and procedures manual requires notification to Harbor’s board of directors. 33 Table of C ontents

Company Information