PROCYON CORP 10-K Cybersecurity GRC - 2024-10-25

Page last updated on October 25, 2024

PROCYON CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-10-25 17:14:52 EDT.

Filings

10-K filed on 2024-10-25

PROCYON CORP filed a 10-K at 2024-10-25 17:14:52 EDT
Accession Number: 0001437749-24-032155

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity threats and cybersecurity incidents could adversely affect our business and disrupt our operations. Cybersecurity incidents include an intentional attack or unintentional event allowing unauthorized access to systems impacting the confidentiality, integrity and/or availability of our information sources. Cybersecurity threats are any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or the information therein. To date, Cybersecurity threats have not had a material impact nor, are they anticipated to significantly affect the Company, including our business strategy, results of operations or financial condition. We rely extensively on information technology (IT) services to conduct our business. We also rely on networks and services, including internet sites, cloud and software solutions, data hosting and processing facilities and tools and other hardware, software and technical applications and platforms to assist in conducting our business. Procyon Corporation has processes in place for identifying, assessing and managing material risks from potential unauthorized access to electronic information held by the Company for business and/or commercial purposes. We have safeguards in place to protect the confidentiality of information residing on the systems that include controls, mechanisms and technologies designed to prevent, detect and/or mitigate data theft or misuse. The data includes proprietary information that we routinely collect, process, store and transmit while conducting business with our customers. We contract third party consultants to assist providing security hardware and software, as well as providing reporting and recommendations to strengthen our systems. As part of our risk management process, cybersecurity risks and mitigations are evaluated by senior leadership and presented to the Board of Directors. As methods of cybersecurity attacks are varied and constantly evolving, we regularly review and update systems, processes and procedures to safeguard against potential threats. However, there is no guarantee that the measures we undertake will be adequate to safeguard against all threats presented; and we may be unable to anticipate these techniques or implement adequate preventative measures. These attacks are also reviewed by our third party consultants. Regulatory requirements related to data privacy and cybersecurity are also changing, presenting new and increasingly rigorous requirements that may be applicable to our business. Implementation of and maintaining compliance with the evolving changes requires significant effort and cost for a company of our size which may limit our ability to comply and our cyber insurance coverage may not be adequate for liabilities or costs actually incurred. 7 The Company has current insurance coverage for Cybersecurity attacks. This coverage however, may not cover be enough to cover substantial attacks, if they occur. We also cannot be certain that insurance will be available to us with reasonable terms or that any insurer will not deny coverage of a future claim. These risks could substantially increase our operating costs, expose us to fraud or theft, subject us to potential liability and disrupt our business. Acceptance of current payment options also subjects us to rules, regulations, contractual obligations and compliance requirements which may change over time or be reinterpreted, making compliance even more difficult, costly or uncertain. We cannot guarantee that our financial results will not be negatively impacted by complying with these requirements. We will continue to mitigate risks by employing physical, administrative and technical measures including employee training, logical access controls, monitoring and testing, and maintenance of protective systems and contingency plans but remain potentially vulnerable to additional known or unknown cybersecurity threats and cannot be assured that the impact from such threats will not be material. Management is in the process of starting an outside third party audit of our systems, to review if there are any improvements needed from either a security aspect or personnel training to safeguard against the internal human factor that can unintentionally cause harm. Management will report on these findings in the future.

Company Information