enCore Energy Corp. 10-K Cybersecurity GRC - 2025-03-03

Page last updated on March 3, 2025

enCore Energy Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-03 16:45:01 EST.

Filings

10-K filed on 2025-03-03

enCore Energy Corp. filed a 10-K at 2025-03-03 16:45:01 EST
Accession Number: 0001500881-25-000002

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We rely on information technology to operate our business. We have endpoint and other protection systems, and incident response processes, both internally and through third-party experts designed to protect our information technology systems. These established processes assist us to continuously assess and identify threats to our systems and minimize impact to our business in the event of a breach or other security incident. Additionally, the Company has implemented numerous information technology policies and procedures concerning cybersecurity matters, which include policies that directly or indirectly relate to encryption standards, antivirus protection, remote access, multi-factor authentication, confidential information and the use of the internet, social media, email and wireless and personal devices for both Company business and personal matters while utilizing Company resources. These policies go through an internal review process on a periodic basis and are, if needed, updated and re-approved by the appropriate members of management. With our third-party consultants, the processes protect our information systems and allow us to resolve any issue which may arise in the most timely and aggressive fashion. As any new threat to security may be identified, our personnel are notified, with instruction to increase awareness of the threat and how to react if such a threat or actual breach appears to be encountered. Periodic educational notices are also disseminated to all personnel. Additionally, as our systems are modified and upgraded, all personnel are notified, with instruction as appropriate. Responsibility for the identification and assessment of risks and the recommendation of upgrades to our systems resides with our expert consultants who report to our Interim Chief Executive Officer. Governance Our Board oversees the risks involved in our operations as part of its general oversight function, integrating risk management into the Company’s compliance policies and procedures. With respect to cybersecurity, the Audit Committee of the Board has the ultimate oversight responsibility relating to risk management of cybersecurity. Among other things, the Audit Committee discusses with management the Company’s major policies with respect to risk assessment and risk management, including cyber security, as they relate to the integrity of the Company’s accounting and financial reporting processes and the Company’s compliance with legal and regulatory requirements. In addition to its other responsibilities, the Board as a whole oversees operational information technology risks, including cybersecurity, as they relate to the technical aspects of the Company’s operations. The full Board receives at least annual reports from management on information technology matters, including cybersecurity. The reports address upgrades to hardware, software, and IT systems throughout the Company, and include the identification of IT and cybersecurity risks. Security scores, risk management, and mitigation measures are routinely presented. As discussed above, we maintain endpoint and other protection systems, and incident response processes, both internally and through third-party experts. As these systems, processes, training, and upgrades are implemented, updates are provided to the Board. Risks Risks [YTJ1] [KM2] from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected, and we do not believe are reasonably likely to materially affect us, including our business strategy, results of operations or financial statements. However, the risk of cybersecurity threats could be significant if the cyber-attack disrupts the Company’s critical operations, service or financial systems. Risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected, and we do not believe are reasonably likely to materially affect us, including our business strategy, results of operations or financial statements. However, the risk of cybersecurity threats could be significant if the cyber-attack disrupts the Company’s critical operations, service or financial systems. For additional information regarding risks from cybersecurity threats, please refer to Item 1A, “Risk Factors,” We are dependent on information technology systems, which are subject to certain risks, including cybersecurity risks and data leakage risks associated with implementation and integration" above.

Company Information