MITEK SYSTEMS INC 10-K Cybersecurity GRC - 2024-12-16

Page last updated on December 16, 2024

MITEK SYSTEMS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-12-16 16:53:56 EST.

Filings

10-K filed on 2024-12-16

MITEK SYSTEMS INC filed a 10-K at 2024-12-16 16:53:56 EST
Accession Number: 0000807863-24-000142


Item 1C. Cybersecurity.

Risk management and strategy

Protecting our business information, intellectual property, customer and employee data, and technology systems is crucial for our business continuity, regulatory compliance, and stakeholder trust. We have established processes to assess, identify, and manage significant risks from cybersecurity threats as part of our broader enterprise-wide risk management system and processes, which is overseen by our Board.

Our cybersecurity policies, standards, processes, and practices are part of our information security management program, which is aligned to ISO 27001, an international standard to manage information security. ISO 27001 is published by the International Organization for Standardization (ISO), the world’s largest developer of voluntary standards, and the International Electrotechnical Commission (IEC). Mitek uses guidance from standard bodies such as the NIST (Cyber Security Framework). Mitek also adheres to Service Organization Control (SOC2) security framework for securing customer data.

Our information technology cybersecurity team, with oversight from our Board, is tasked with monitoring cybersecurity and operational risks related to information security and system disruption. The Mitek cybersecurity team uses principles of Confidentiality, Integrity and Availability to design and implement information technology systems. The team employs measures designed to protect against, detect, and respond to cybersecurity threats, and has implemented processes and procedures aligned with our enterprise-wide risk management system. These include:

- Enterprise-wide security framework and cybersecurity standards;
- Cybersecurity awareness and training programs;
- Security assessments and monitoring;
- Restricted physical access to critical areas, servers and network equipment; and
- Cyber incident response, crisis management, business continuity and disaster recovery plans.

We assess and test our cybersecurity policies and practices on an annual basis. These efforts include tabletop exercises, vulnerability and penetration tests, and other exercises focused on evaluating the effectiveness of our cybersecurity measures and planning. We also engage third parties to assess and test our cybersecurity measures. We perform risk assessments on critical third-party service providers, software and other tools used in the Company’s operations that may have the potential to create cybersecurity threats to our business.

We have a documented incident response plan for identifying and responding to cybersecurity incidents that focuses on isolating, containing, mitigating, and eradicating the threat as quickly as possible. In the event of a cybersecurity incident, we will follow a documented incident escalation procedure.

Certain of our systems and those of our third-party service providers have experienced cybersecurity threats. Based on the information available as of the date of this Annual Report on Form 10-K, we are not aware of any risks from cybersecurity threats, including as a result of any cybersecurity incidents, which have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. Despite our security measures, however, there can be no assurance that we, or the third parties with which we interact, will not experience a cybersecurity incident in the future that will materially affect us. Additional information about cybersecurity risks we face is discussed in “Item 1A. Risk Factors,” which should be read in conjunction with the information above.

Governance

Risk assessment and oversight are an integral part of our governance and management processes. Our Board of Directors has ultimate oversight of the Company’s risk management. Our Board receives regular presentations and reports on cybersecurity risks, prompt and timely information regarding cybersecurity incidents that meet specified thresholds, and updates on such incidents until they have been addressed.

Our management team, in coordination with our information technology department, is responsible for assessing and managing our material risks from cybersecurity threats and hiring appropriate personnel and third-party consultants to oversee the cybersecurity program. Our Head of IT has primary responsibility for our overall cybersecurity risk management program and supervises our cybersecurity personnel. Our Head of IT’s experience includes over 25 years of design, implementation and management of cyber-security & information technology programs at various levels and organizations.


Company Information

Name: MITEK SYSTEMS INC
CIK: 0000807863
SIC Description: Computer Peripheral Equipment, NEC
Ticker: MITK - Nasdaq
Website:
Category: Accelerated filer
Fiscal Year End: September 29