R F INDUSTRIES LTD 10-K Cybersecurity GRC - 2025-01-21

Page last updated on January 21, 2025

R F INDUSTRIES LTD reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-01-21 16:31:56 EST.

Filings

10-K filed on 2025-01-21

R F INDUSTRIES LTD filed a 10-K at 2025-01-21 16:31:56 EST
Accession Number: 0001437749-25-001497

Item 1C. Cybersecurity.

Risk Management and Strategy

The Company has adopted policies and implemented certain controls and procedures that allow its management to assess, identify and manage material risks from cybersecurity threats and for its Board of Directors, through its Audit Committee, to actively oversee the strategic direction, objectives, and effectiveness of the Company’s cybersecurity risk management framework. The Company’s processes are integrated into its overall enterprise risk management program and complement the Company’s enterprise-wide risk assessment architecture, as implemented by the Company’s management and as overseen by the Company’s Board of Directors through its Audit Committee. The Company has in the past, and may continue to do so in the future, engage third-party consultants, to review and assess the Company’s information technology and security.

The Company seeks to address cybersecurity risks through a cross-functional approach that is focused on preserving the confidentiality, security, and availability of the information that the Company collects and stores by identifying, preventing, and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur.

To identify and assess material risks from cybersecurity threats, we follow best practices in routine network and endpoint auditing, vulnerability assessments, penetration testing, and other forms of security auditing. We continuously monitor endpoint activity and network traffic for unusual or prohibited behavior to prevent, identify, and contain malicious actions. We have developed incident response plans by using the information gained through testing and monitoring to manage any identified vulnerabilities and further improve our cybersecurity preparedness and response infrastructure.
Such plans set forth the actions to be taken in responding to and recovering from cybersecurity incidents, which include triage, assessing the severity of incidents, escalation protocols, containment of incidents, investigation of incidents, and remediation. We also regularly perform phishing tests of our employees and provide annual privacy and security training for all employees. Our security training incorporates awareness of cyber threats including but not limited to malware, ransomware, and social engineering attacks, password hygiene and incident reporting processes.

We review our cybersecurity risk framework and related policies annually with senior management to help identify areas for continued focus and improvement. We also engage third party experts to review and assess our processes to ensure they are robust and consistent with the current security landscape. The data center where we host our critical data is SOC II compliant.

The Company has also implemented processes to identify, monitor and address material risks from cybersecurity threats associated with our use of third-party service providers, including those in our supply chain or who have access to our systems, data or facilities that house such systems or data by discussing issues to be addressed and recommending security measures to be improved where possible.

Although in the periods reported we have not experienced any material cybersecurity incidents and the expenses we have incurred from cybersecurity incidents, including penalties and settlements, were immaterial, we may experience such incidents in the future and the scope and impact of any such future incidents cannot be predicted. To prepare for any such event, we have a full Disaster Recovery plan in place that is tested annually to ensure resilience against a myriad of threats.

Governance

Role of the Board of Directors and the Audit Committee

As part of the Board of Directors’ role in overseeing the Company’s enterprise risk management program, which includes our cybersecurity risk management framework, the Board is responsible for exercising oversight of management’s identification and management of, and planning for, material cybersecurity risks that may reasonably be expected to impact the Company. While the full Board has overall responsibility for risk oversight, the Board has delegated oversight responsibility related to risks from cybersecurity threats to the Audit Committee. The Audit Committee is responsible for overseeing the strategic direction, objectives, and effectiveness of the Company’s cybersecurity risk management framework, taking into account the Company’s risk exposures and progress of its risk management processes.

The Audit Committee is informed of the Company’s cybersecurity risk management and receives an overview of its cybersecurity program from management at least quarterly, which covers topics including, among others, recent cybersecurity risk landscape and trends, data security posture, results from third-party assessments, training and vulnerability testing, our incident response plan, material cybersecurity risks, whether developing or actual, as well as the steps management has taken to respond to such risks, emerging cybersecurity regulations, technologies and best practices. Material cybersecurity risks are also discussed during separate Board meetings as part of the Board’s risk oversight generally.

Role of Management

Our Chief Financial Officer is responsible for management’s oversight of cybersecurity governance, decision-making, risk management, awareness, and compliance across the Company.
Our Chief Financial Officer works to employ a cybersecurity program designed to protect the Company’s information systems from cybersecurity threats and to respond to incidents in accordance with the Company’s incident response plan and other policies and procedures. In the event of a material cybersecurity incident or investigation, management will, in compliance with escalation protocols in place, promptly report to the Audit Committee and the Board, as appropriate, in accordance with the Company’s incident response plan, and other policies and determine the timing of action, and necessary response.

The Company places a high priority on safeguarding its data, systems, and infrastructure from cybersecurity threats. To manage this critical aspect of operations, the Company partners with a third-party IT provider that specializes in cybersecurity services. Established in 1997, this provider brings over two decades of expertise in managing and mitigating cyber risks, including network security, vulnerability assessments, and incident response planning. The provider’s comprehensive approach ensures the protection of the Company’s sensitive information and critical systems, while also adhering to industry best practices and regulatory requirements. By leveraging the expertise of its third-party IT provider, the Company is able to implement robust cybersecurity measures that support operational continuity and reduce exposure to potential security incidents.


Company Information

Name: R F INDUSTRIES LTD
CIK: 0000740664
SIC Description: Electronic Connectors
Ticker: RFIL - Nasdaq
Category: Non-accelerated filer, Smaller reporting company
Fiscal Year End: October 30