COMSTOCK RESOURCES INC 10-K Cybersecurity GRC - 2025-02-21

Page last updated on February 21, 2025

COMSTOCK RESOURCES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-21 15:29:30 EST.

Filings

10-K filed on 2025-02-21

COMSTOCK RESOURCES INC filed a 10-K at 2025-02-21 15:29:30 EST
Accession Number: 0000950170-25-024783

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We face various cybersecurity threats that could adversely affect our business, financial condition, and results of operations. We have implemented processes and procedures and engaged third-party service providers to assess, identify, and manage these risks , as well as to respond to and mitigate the impact of any potential or actual cybersecurity incidents to our information systems and the information residing therein. Risk Management and Strategy Our cybersecurity risk management processes have been integrated into our enterprise risk framework, which identifies, aggregates, and evaluates risks across the enterprise. We identify our enterprise risks through each member of our management team, along with counsel from our internal auditors and attorneys and we present an assessment of our enterprise risks to our board of directors on an annual basis. Our information technology management plays an integral part in the identification and communication of cybersecurity risks to our management team. Our processes for assessing and identifying cybersecurity risks include, but are not limited to, the following elements: - regular network security assessments and vulnerability scans performed by third parties; - third-party audits of our information systems, - third-party systems for monitoring and analysis of network activity and threat intelligence; - systems for protecting our information technology, such as firewalls and anti-virus software; - cybersecurity awareness training for our employees and contractors, including senior management; - and processes to oversee and identify cybersecurity risks associated with our use of third-party service providers, such as conducting due diligence, reviewing contracts, and verifying compliance with security standards and best practices. Despite our efforts, there is the ever-present risk that our systems and/or data will suffer a successful cyber incident such as unauthorized access, use, disclosure, modification, or destruction by hackers, cybercriminals, state-sponsored actors, insiders, or other malicious actors. We have experienced attempts to compromise our systems and/or data. These attempts included phishing attacks, malware infections, and unauthorized access attempts. We do not believe that these attempts, if successful, would have resulted in a material adverse effect on our business, financial condition, or results of operations. We continue to be diligent in preventing, detecting, and responding to cyber incidents. However, we cannot guarantee that we will not suffer cybersecurity incidents in the future. See Item 1A. Risk Factors " Our business could be negatively impacted by security threats, including cybersecurity threats and other disruptions. " Governance The Audit Committee of our Board of Directors provides oversight over our cybersecurity risk management and strategy. The committee receives updates from our information technology management and external advisors on our cybersecurity posture, initiatives, and incidents on an annual or as needed basis. Our information technology department is responsible for assessing and managing our cybersecurity risks on a day-to-day basis and their processes for managing cybersecurity risks include implementing and maintaining security controls, policies, and procedures to protect our information systems and the information residing therein. They also provide periodic awareness notifications to our employees and contractors on 29 COMSTOCK RESOURCES, INC. cybersecurity best practices and their roles and responsibilities. In addition, we have established an incident response plan to coordinate our response to and recovery from any cybersecurity incidents. Our Director of Information Technology has over 20 years of experience in managing organizations in the energy and telecom industries. We also have a Certified Information Systems Security Professional, who has eight years of experience in cyber and information security.

Company Information