Bit Digital, Inc 10-K Cybersecurity GRC - 2025-03-14

Page last updated on March 14, 2025

Bit Digital, Inc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-14 06:41:01 EDT.

Filings

10-K filed on 2025-03-14

Bit Digital, Inc filed a 10-K at 2025-03-14 06:41:01 EDT
Accession Number: 0001013762-25-000307

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Company’s cybersecurity principles, goals and targets are defined in a policy approved by the Board of Directors (the “Policy”). This Policy is anchored in a risk-based approach based on industry standards to balance the level of cybersecurity against the risks faced by the Company. Material risks are managed by both internal resources and third-party contractors. The Company believes that effective information security management is necessary for the secured sharing and protection of information within the Company’s cyberspace. The Policy applies to all directors, officers, employees and contractors of the Company and any parent, holding companies and subsidiaries regardless of their contract terms, who use the Company’s technological devices. The Board of Directors is responsible for leading the Company to minimize the risk of unauthorized and malicious use, disclosure, potential theft, alteration or damaging effects on the Company’s operations while concurrently enabling the sharing of information in cyberspace. The Board of Directors is committed to ensuring that risks to the confidentiality, integrity or availability of Company-owned information assets are managed appropriately by implementing an information security risk management approach. 73 The Board of Directors oversees the Policy and its implementation of the Company’s oversight, programs, procedures, and policies related to cybersecurity, cybersecurity risks, information security, and data privacy. Departments of the Company have been identified under the Policy to report to the Company’s Head of IT overseeing the cybersecurity strategy as defined in the Policy. The management team includes members with IT backgrounds to guide our cybersecurity efforts. Management continuously assesses risk as internal and external factors evolve and remains committed to ensuring employees have the adequate resources and training to fully understand cybersecurity guidelines and expectations. In the event of a Policy breach, members of the management team may be asked by the IT Department to assist with security investigations. If any member of management is unaware of the best course of action in dealing with an IT-related matter, the manager shall immediately contact the Company’s Head of IT. Upon discovering a potential violation of the Policy or a cybersecurity breach, the member of management must document the incident and request the individual surrender possession of any devices that may have suffered a security breach. We assessed all third-party vendors, including our third-party IT firm, before engaging them for various services. . We have partnered with a third-party IT firm for cybersecurity services, with the Managed Security Operations Center operating 24/7/365 for automated email monitoring, malicious email quarantine, and reporting. The Head of IT will be notified and proceed accordingly if an event or incident requires input. Additionally, the Company’s management leverages manual controls to verify data integrity and mitigate risk, considering the Company’s size and business model. Management also provides interim and year-end reports to the Board of Directors on the Company’s and its subsidiaries’ IT General controls (ITGC) related to cybersecurity and information security matters. In 2024, we did not identify any cybersecurity events that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident. For more information about these risks, please see " Risk Factors- Cyberattacks and security breaches of our system, or those impacting our third parties, could adversely impact our brand and reputation and our business, operating results, and financial condition." and “We may suffer significant and adverse effects due to hacking or one or more adverse software events “. 74

Company Information