Page last updated on November 6, 2024
LEAFBUYER TECHNOLOGIES, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-11-05 16:47:21 EST.
Filings
10-K filed on 2024-11-05
LEAFBUYER TECHNOLOGIES, INC. filed a 10-K at 2024-11-05 16:47:21 EST
Accession Number: 0001477932-24-006885
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. “Cybersecurity-Risk Management” and “-Governance.” ITEM 1B. UNRESOLVED STAFF COMMENTS None. ITEM 1C. CYBERSECURITY Risks related to Cybersecurity Incidents We face significant risks related to cybersecurity threats, which could adversely affect our business, financial condition, and results of operations. Cybersecurity incidents, including but not limited to unauthorized access, data breaches, and other malicious activities, could result in the loss or theft of sensitive information, disruption of our operations, and damage to our reputation. While we have implemented measures to protect our information systems, there can be no assurance that these measures will effectively prevent all cybersecurity incidents. Specific risks include, but are not limited to: 1. Data Breaches: A breach of our information systems could lead to unauthorized access to customer or employee data, resulting in reputational harm and legal liabilities. 2. Operational Disruption: Cybersecurity incidents could disrupt our operations, leading to delays in production, delivery, or fulfillment of customer orders. 3. Intellectual Property Theft: Unauthorized access to our proprietary information could result in intellectual property theft, impacting our competitive position in the market. 4. Regulatory and Legal Compliance: Cybersecurity incidents may subject us to regulatory investigations, legal claims, and penalties, affecting our compliance with applicable laws and regulations. 5. Third-Party Relationships: Our reliance on third-party vendors and service providers exposes us to additional cybersecurity risks, and a security breach affecting these entities could impact our operations. Although, to date, cybersecurity incidents have not materially impacted our business strategy, results of operations, or financial condition, there can be no assurances that they will not do so in the future. Refer to “Item 1A. Risk factors” in this Annual Report for additional information about cybersecurity-related risks. Risk Management and Strategy Assessing, Identifying, and Managing Material Cyber Threats We have in place certain infrastructure, systems, policies, and procedures that are designed to proactively and reactively address circumstances that arise when unexpected events such as a cybersecurity incident occur. These include processes for assessing, identifying, and managing material risks from cybersecurity threats. We consult with external parties, such as cybersecurity firms and risk management and governance experts, on risk management and strategy. We use a team of outside vendors and government services specializing in IT and cybersecurity that provide expertise, tools, and methodologies to identify and assess vulnerabilities and potential threats. Automated tools and AI-based user behavior analytics also support identification and management of cyber threats. Response to a broad category of threats is immediate and automatic. Security personnel and members of our management are alerted when cyber threats or anomalies are detected. Persistent threats or issues that, in the opinion of management, are material are immediately brought to the attention of our board of directors. In the event of a detected cyber incident by 24/7 monitoring software or employee notification, our IT and cybersecurity provider performs a detailed assessment of the incident, identifies the source of the problem, and resolves the issue as appropriate. If they are unable to resolve the issue, the problem is escalated to our cybersecurity monitoring and detection software provider for resolution. Events which are not routinely resolved by our IT and cybersecurity provider are brought to the attention of the board. In order to mitigate risks of cybersecurity incidents, critical business and operational data are backed up at night and stored offsite for security purposes and to restore data in the event of a breach. Additionally, we provide cybersecurity awareness training of our employees, incident response personnel, and senior management. Governance Our executive management team is primarily responsible for assessing and managing our material risks from cybersecurity threats. Management supervises both our internal cybersecurity and IT related personnel, as well as our retained external cybersecurity consultants and vendors. Additionally, they supervise efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefing from internal or external security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants or vendors engaged by us; and alerts and reports produced by security tools deployed in our IT environment. Our board of directors provides oversight and oversees management’s processes for identifying and mitigating risks, including cybersecurity risks, to help align our risk exposure with our strategic objectives. Two of our management have received training on cyber risk governance for public companies, regularly brief our board of directors on our cybersecurity and information security posture as well as cybersecurity incidents deemed to have a moderate or higher business impact, even if viewed as immaterial to us. As cyber threats evolve and become more sophisticated, we believe that the board’s involvement in cybersecurity governance ensures that we are adequately focused on resources and protecting the Company’s assets and reputation.
ITEM 1C. CYBERSECURITY Risks related to Cybersecurity Incidents We face significant risks related to cybersecurity threats, which could adversely affect our business, financial condition, and results of operations. Cybersecurity incidents, including but not limited to unauthorized access, data breaches, and other malicious activities, could result in the loss or theft of sensitive information, disruption of our operations, and damage to our reputation. While we have implemented measures to protect our information systems, there can be no assurance that these measures will effectively prevent all cybersecurity incidents. Specific risks include, but are not limited to: 1. Data Breaches: A breach of our information systems could lead to unauthorized access to customer or employee data, resulting in reputational harm and legal liabilities. 2. Operational Disruption: Cybersecurity incidents could disrupt our operations, leading to delays in production, delivery, or fulfillment of customer orders. 3. Intellectual Property Theft: Unauthorized access to our proprietary information could result in intellectual property theft, impacting our competitive position in the market. 4. Regulatory and Legal Compliance: Cybersecurity incidents may subject us to regulatory investigations, legal claims, and penalties, affecting our compliance with applicable laws and regulations. 5. Third-Party Relationships: Our reliance on third-party vendors and service providers exposes us to additional cybersecurity risks, and a security breach affecting these entities could impact our operations. Although, to date, cybersecurity incidents have not materially impacted our business strategy, results of operations, or financial condition, there can be no assurances that they will not do so in the future. Refer to “Item 1A. Risk factors” in this Annual Report for additional information about cybersecurity-related risks. Risk Management and Strategy Assessing, Identifying, and Managing Material Cyber Threats We have in place certain infrastructure, systems, policies, and procedures that are designed to proactively and reactively address circumstances that arise when unexpected events such as a cybersecurity incident occur. These include processes for assessing, identifying, and managing material risks from cybersecurity threats. We consult with external parties, such as cybersecurity firms and risk management and governance experts, on risk management and strategy. We use a team of outside vendors and government services specializing in IT and cybersecurity that provide expertise, tools, and methodologies to identify and assess vulnerabilities and potential threats. Automated tools and AI-based user behavior analytics also support identification and management of cyber threats. Response to a broad category of threats is immediate and automatic. Security personnel and members of our management are alerted when cyber threats or anomalies are detected. Persistent threats or issues that, in the opinion of management, are material are immediately brought to the attention of our board of directors. In the event of a detected cyber incident by 24/7 monitoring software or employee notification, our IT and cybersecurity provider performs a detailed assessment of the incident, identifies the source of the problem, and resolves the issue as appropriate. If they are unable to resolve the issue, the problem is escalated to our cybersecurity monitoring and detection software provider for resolution. Events which are not routinely resolved by our IT and cybersecurity provider are brought to the attention of the board. In order to mitigate risks of cybersecurity incidents, critical business and operational data are backed up at night and stored offsite for security purposes and to restore data in the event of a breach. Additionally, we provide cybersecurity awareness training of our employees, incident response personnel, and senior management. Governance Our executive management team is primarily responsible for assessing and managing our material risks from cybersecurity threats. Management supervises both our internal cybersecurity and IT related personnel, as well as our retained external cybersecurity consultants and vendors. Additionally, they supervise efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefing from internal or external security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants or vendors engaged by us; and alerts and reports produced by security tools deployed in our IT environment. Our board of directors provides oversight and oversees management’s processes for identifying and mitigating risks, including cybersecurity risks, to help align our risk exposure with our strategic objectives. Two of our management have received training on cyber risk governance for public companies, regularly brief our board of directors on our cybersecurity and information security posture as well as cybersecurity incidents deemed to have a moderate or higher business impact, even if viewed as immaterial to us. As cyber threats evolve and become more sophisticated, we believe that the board’s involvement in cybersecurity governance ensures that we are adequately focused on resources and protecting the Company’s assets and reputation.
Company Information
| Name | LEAFBUYER TECHNOLOGIES, INC. |
| CIK | 0001643721 |
| SIC Description | Services-Management Consulting Services |
| Ticker | LBUY - OTC |
| Website | |
| Category | Emerging growth company |
| Fiscal Year End | June 29 |