Bridgeline Digital, Inc. 10-K Cybersecurity GRC - 2024-12-23

Page last updated on December 26, 2024

Bridgeline Digital, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-12-23 19:48:15 EST.

Filings

10-K filed on 2024-12-23

Bridgeline Digital, Inc. filed a 10-K at 2024-12-23 19:48:15 EST
Accession Number: 0001437749-24-038328

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy Our cybersecurity and risk management program is intended to protect the confidentiality, integrity, and availability of our critical information systems and the data resident on them. We have designed our IT systems and processes with the intention that our solutions should defend against the ever-evolving threat landscape while remaining agile to keep up with such threats. We have established processes for assessing, identifying and managing cybersecurity risks, which are built into our information technology function and are designed to safeguard our information assets and operations from internal and external cyber threats, including protecting employee information from unauthorized access to or attacks on our networks and systems. These processes include physical, procedural and technical safeguards, response plans, regular tests on our systems, incident simulations and routine reviews of our policies and procedures to identify risks and enhance our practices. We also employ processes to identify material risks from cybersecurity threats associated with our use of third-party service providers. In an effort to deter and detect cyber threats, we periodically provide training programs to our employees on issues related to privacy and data protection, cybersecurity risks, and the importance of reporting all incidents immediately. Topics include identifying phishing, password protection, securing confidential data, and mobile security. In addition, we use technology-based tools to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs. We also perform annual vulnerability assessments, conducted by independent, third-party cybersecurity firms. Additionally, as part of our overall risk mitigation strategy, the Company obtains certain insurance policies. However, such insurance may not be sufficient in type or amount to cover us fully against claims related to security breaches, cyber-attacks and other related breaches. An incident response plan has been established which provides detailed information on actions to take in the event of an incident. The incident response plan includes the scope of the plan, establishes the incident response team, details the incident response lifecycle, and provides templates to make the process easier to document and follow. Timelines, communication methods, and notification information are included in the plan to ensure the process can be followed in high pressure situations which can occur during incidents. Governance The Audit Committee of our Board of Directors provides direct cybersecurity risk oversight. Our management provides timely disclosure and related updates to the Audit Committee regarding potential cybersecurity threats, incidents and general risks. Our management periodically evaluates information on evolving cybersecurity risks and, based on its assessment of the processes the Company has put in place, does not believe there are currently any known risks from cybersecurity threats that are reasonably likely to materially affect us or our business strategy, results of operations, or financial condition. Further, we have not had any cybersecurity incidents in 2024, and through the date of filing of this Form 10-K. While prior incidents have not had a material impact on us, future incidents could have a material adverse effect on our business, results of operations and cash flows. For additional information about our cybersecurity risks, see Item 1A - Risk Factors on this Annual Report on Form 10-K.

Company Information