RCI HOSPITALITY HOLDINGS, INC. 10-K Cybersecurity GRC - 2024-12-16

Page last updated on December 16, 2024

RCI HOSPITALITY HOLDINGS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-12-16 16:13:15 EST.

Filings

10-K filed on 2024-12-16

RCI HOSPITALITY HOLDINGS, INC. filed a 10-K at 2024-12-16 16:13:15 EST
Accession Number: 0001628280-24-051384

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY. We rely heavily on information technology systems to operate and manage all key aspects of our business. We also process substantial volumes of sensitive customer and employee personal information, which if impacted by cyber threats could result in financial and reputational harms and regulatory sanction. We have developed and implemented, and update on an ongoing basis, a risk-based information security program designed to identify, assess and manage material risks from cybersecurity threats. Risk Management and Strategy We assess, identify, and manage material risks related to potential cyber attacks on or through our information systems that could adversely affect the confidentiality, integrity, or availability of our information systems or the information residing on those systems through various processes. These processes include a wide variety of controls, technologies, methods, systems, and other processes that are designed to prevent, detect, or mitigate data loss, theft, and misuse, and unauthorized access to, or other cyber attacks or vulnerabilities affecting, our data. The assessment of cyber risk is integrated into our overall risk management processes and cybersecurity is identified as a key risk within our enterprise risk management program. We strive to implement cyber policies, standards, processes, and controls for assessing, identifying, and managing material risks from cyber threats and responding to cyber attacks that are aligned with industry best practices. We have an information technology team, led by our director of information technology, that is responsible for implementing and maintaining cybersecurity and data protection practices at the Company in close coordination with our senior management team. We seek to address cyber risks through a cross-functional approach, including relevant training for applicable employees and regular reviews and tests of our cybersecurity program that leverage work done by internal audit. We use processes to oversee and identify material risks from cyber threats associated with our use of third-party technology and systems. We maintain processes to reduce the impact of a cyber attack at a third-party vendor. We maintain a cybersecurity incident response plan, which details the incident response procedures and points of contact related to the response processes. The response plan includes a decision-tree-based playbook, which is a supplement to the plan, and focuses on specific types of incidents and the appropriate response steps. As of the date of this report, we are not aware of any recent cybersecurity attacks that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition. See Item 1A-“Risk Factors” for additional information about the risks to our business associated with a breach or compromise to our information security systems. Governance Our board of directors has ultimate risk oversight responsibility for the Company and administers this responsibility both directly and with assistance from its committees. The Audit Committee oversees our overall enterprise risk management program and assists the entire board in fulfilling its oversight responsibility with respect to our information security and technology risks. The Audit Committee actively reviews and discusses our information security and technology risk management programs and regularly reports to the entire board on our relevant strengths and opportunities. The Audit Committee receives periodic updates from our director of information technology. These updates include matters such as ongoing changes in our external and internal cyber threat landscape, new technology trends and regulatory developments, evolving internal policies and practices used to manage and mitigate cyber and technology-related risks, and trends in various metrics that are used to help assess our overall cybersecurity program effectiveness.

Company Information