Nukkleus Inc. 10-K Cybersecurity GRC - 2025-02-10

Page last updated on February 10, 2025

Nukkleus Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-10 14:55:17 EST.

Filings

10-K filed on 2025-02-10

Nukkleus Inc. filed a 10-K at 2025-02-10 14:55:17 EST
Accession Number: 0001213900-25-011694

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. At this time, the Company does not have formal processes in place for assessing, identifying, and managing material risks from cybersecurity threats. Our approach to cybersecurity is currently informal and primarily reactive, involving basic security measures such as: ● Basic Security Software: We use standard antivirus and anti-malware software for protection against common threats. ● Password Policies: Simple password policies are in place to protect access to our systems. However, we recognize the importance of cybersecurity and are in the process of developing more robust strategies. We plan to: ● Develop a Cybersecurity Framework: Establish a formal risk assessment process to identify vulnerabilities. ● Engage Cybersecurity Expertise: Consider hiring or consulting with cybersecurity professionals to guide our strategy. ● Implement Training: Begin employee training on cybersecurity awareness to prevent common threats like phishing. We acknowledge that the absence of comprehensive cybersecurity processes could potentially expose the company to risks, which might materially affect our operations, financial condition, or strategic decisions in the future. We are committed to improving our cybersecurity posture as our resources allow. Governance ● Board Oversight: Currently, our sole director does not have a formal structure for overseeing cybersecurity risks. We plan to review this oversight in the near future to ensure appropriate governance is established. ● Management’s Role: Day-to-day management of cybersecurity is handled by our IT staff, who do not have specialized training in cybersecurity. We are considering enhancing this role or outsourcing to professionals with specific cybersecurity expertise. ● Expertise: Our current management and Board do not have in-depth cybersecurity expertise. We are considering educational opportunities or consulting to address this gap. Material Effect from Cybersecurity Threats To date, no known cybersecurity incidents have materially affected our business strategy, results of operations, or financial condition. However, due to our limited cybersecurity measures, we acknowledge that our company could be at higher risk of material impact from cybersecurity threats. We are actively working to mitigate these risks.

Company Information