Main Street Capital CORP 10-K Cybersecurity GRC - 2025-02-28

Page last updated on March 3, 2025

Main Street Capital CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-28 11:18:25 EST.

Filings

10-K filed on 2025-02-28

Main Street Capital CORP filed a 10-K at 2025-02-28 11:18:25 EST
Accession Number: 0001396440-25-000018

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Company maintains, and routinely reviews and evaluates its information technology (“IT”) and cybersecurity policies, practices and procedures (our “Cybersecurity Program”), which includes processes for assessing, identifying and managing material risks from cybersecurity threats. The Cybersecurity Program has various policies and procedures including a Cyber Incident Response Plan as part of the Company’s Crisis Management Plan. Our Cybersecurity Program is administered by our IT Manager, who is managed on a day-to-day basis by our General Counsel and overseen by our IT Steering Committee consisting of our Chief Executive Officer, our Chief Operating Officer and our General Counsel. Our General Counsel also serves as the crisis response team leader in connection with any material cybersecurity incident under the Cyber Incident Response Plan, with our Chief Operating Officer and our IT Manager also included on the crisis response team. We also utilize the services of IT and cybersecurity advisers, consultants and experts in the evaluation and periodic testing of our IT and cybersecurity systems, to recommend improvements to our Cybersecurity Program and in connection with any cybersecurity incident. Our IT Manager has over 10 years of experience advising on and managing risks from cybersecurity threats as well as developing and implementing cybersecurity systems, policies and procedures. Our General Counsel has served in his oversight function as General Counsel for over 16 years and previously as our Chief Compliance Officer for over 12 years, during which time he has gained expertise in assessing and managing risk applicable to the Company. Similarly, each of our Chief Executive Officer and our Chief Operating Officer have served in various executive management roles at the Company and, in the case of our Chief Operating Officer, other publicly traded organizations, involving extensive oversight and management of risks, including cybersecurity related risks, for over 20 years. As part of our overall risk management process, our management engages at least annually in an enterprise risk management review and evaluation, during which management reviews the principal risks relating to our business and operations. Included in this process is a review and evaluation of our risks relating to our Cybersecurity Program. Additionally, as part of our Rule 38a-1 compliance program, we review at least annually the compliance policies and procedures of our key service providers, including documentation discussing each service providers’ information security and privacy controls. Any failure in our or our key service providers’ cybersecurity systems could have a material impact on our operating results. See Item 1A. Risk Factors - General Risk Factors - The failure in cybersecurity systems, as well as the occurrence of events unanticipated in our disaster recovery systems and management continuity planning could impair our ability to conduct business effectively. Our Board as a whole has responsibility for the Company’s risk oversight, with reviews of certain areas being conducted by the relevant Board committees that report on their deliberations to the full Board. The oversight responsibility of the Board and its committees is enabled by management reporting processes that are designed to provide visibility to the Board about the identification, assessment and management of critical risks and management’s risk mitigation strategies. 45 Table of contents Oversight of risks relating to IT and cybersecurity has been delegated by our Board to its Audit Committee. The Audit Committee includes members of the Board who, in addition to each being designated as an “audit committee financial expert,” possess backgrounds and experience which we believe enable them to provide effective oversight of our IT and cybersecurity risks. Our management routinely reports to the Audit Committee on the status of the Company’s Cybersecurity Program and material risks from cybersecurity threats at the Audit Committee’s quarterly meetings. Such reports generally detail any testing, observations or developments concerning the Cybersecurity Program that occurred during the prior quarter . The results of periodic testing related to the Cybersecurity Program are also described in the Chief Compliance Officer’s annual report to the Board, provided pursuant to Rule 38a-1 under the 1940 Act. The crisis response team leader also collaborates with the Audit Committee chair to ensure that the Board is apprised of any material cybersecurity incident. During the reporting period, the Company has not identified any impacts from cybersecurity threats, including as a result of previous cybersecurity incidents, that the Company believes have materially affected, or are reasonably likely to materially affect, the Company, including its business strategy, operational results and financial condition.

Company Information