Page last updated on February 7, 2025
Byrna Technologies Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-07 09:01:24 EST.
Filings
10-K filed on 2025-02-07
Byrna Technologies Inc. filed a 10-K at 2025-02-07 09:01:24 EST
Accession Number: 0001437749-25-003081
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
ITEM 1C. CYBERSECURITY Our business is highly dependent on our information systems, including our ability to operate them effectively and to successfully implement new technologies, methods, and processes, as well as adequate controls and cybersecurity incident recovery plans. We rely on our information systems to manage our business. In addition, we must protect the confidentiality and integrity of the data of our business, employees, customers, and other third parties. Our business involves the collection, processing, storage, and transmission of personally identifiable information and other sensitive and confidential information. This data is wide-ranging and relates to our employees, customers, and third parties. Our management, led by our Chief Executive Officer, has the overall responsibility for identifying, assessing and managing any material risks from cybersecurity threats, and our Board of Directors, assists in overseeing and monitoring cybersecurity risks and risk management. Our cybersecurity posture is designed to comply with key global financial regulations and cybersecurity laws in the jurisdictions in which we operate. This posture includes taking several proactive steps to prepare for attempts to compromise our information systems. To provide for the availability of critical data and systems, maintain regulatory compliance, manage our material cybersecurity risks, and protect against, detect, and respond to cybersecurity threats and incidents, we undertake the following activities: ● Closely monitor emerging data protection laws and implement changes to our processes designed to comply; ● Undertake reviews of our consumer-facing and internal policies and statements related to cybersecurity; ● Proactively inform our customers of substantive changes related to customer data handling; ● Conduct annual cybersecurity training for all our employees; ● Conduct regular phishing email simulations for all employees and all contractors with access to corporate email systems to enhance awareness and responsiveness to such possible threats; ● Through policy, practice, and contract (as applicable), require employees, as well as third parties who provide services on our behalf, to treat customer information and data with care; ● Update and assess our cybersecurity technologies to address threats and vulnerabilities; and ● Carry cybersecurity insurance to protect against potential losses from incidents. Cybersecurity Risk Assessment Program We do not have a formal cybersecurity risk assessment program. Policies and Procedures for Third-Party Service Providers We do not have specific policies and procedures to oversee, identify, or mitigate the cybersecurity risks associated with our use of third-party service providers, other than relying on SOC 1 Type 2 reports for materially in-scope applications. Activities to Prevent, Detect, and Minimize Cybersecurity Incidents We undertake various activities to prevent, detect, and minimize the effects of cybersecurity incidents. These activities include: ● ensuring that company data accessed via a desktop or laptop computer is only accessible from company-owned computers ● ensuring that company-owned computers are regularly updated and maintained, are running the latest versions of our Endpoint Detection and Response antivirus software ● ensuring that company-owned computers access the internet through secure connections via our corporate VPN solution ● conducting regular phishing email simulations ● updating and assessing our cybersecurity technologies such as our firewall and various cybersecurity software Impact of Previous Cybersecurity Incidents At this time, we have not identified any risks from known cybersecurity threats, including as a result of prior cybersecurity incidents, that have materially affected us. However, we face certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us. Impact on Results of Operations or Financial Condition Cybersecurity risks and incidents have not materially affected our results of operations or financial condition. However, we face certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us. Consideration of Cybersecurity Risks in Business Strategy, Financial Planning, and Capital Allocation Cybersecurity risks are considered as part of our business strategy, financial planning, and capital allocation. We regularly review and update our cybersecurity posture to address emerging threats and ensure the protection of our information systems.
Company Information
| Name | Byrna Technologies Inc. |
| CIK | 0001354866 |
| SIC Description | Miscellaneous Electrical Machinery, Equipment & Supplies |
| Ticker | BYRN - Nasdaq |
| Website | |
| Category | Non-accelerated filer Smaller reporting company |
| Fiscal Year End | November 29 |