Pangaea Logistics Solutions Ltd. 10-K Cybersecurity GRC - 2025-03-17

Page last updated on March 18, 2025

Pangaea Logistics Solutions Ltd. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-17 21:21:48 EDT.

Filings

10-K filed on 2025-03-17

Pangaea Logistics Solutions Ltd. filed a 10-K at 2025-03-17 21:21:48 EDT
Accession Number: 0001606909-25-000097

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C “Cybersecurity.” Risks Related To Our Common Shares Future sales of our common shares could cause the market price of our common shares to decline. The market price of our common shares could decline due to sales of a large number of shares in the market, including sales of shares by our large shareholders, or the perception that these sales could occur. These sales could also make it more difficult or impossible for us to sell equity securities in the future at a time and price that we deem appropriate to raise funds through future offerings of common shares. We may need to raise additional capital in the future, which may not be available on favorable terms or at all or which may dilute our common shares or adversely affect its market price. We may require additional capital to expand our business and increase revenues, add liquidity in response to negative economic conditions, meet unexpected liquidity needs caused by industry volatility or uncertainty and reduce our outstanding indebtedness under our existing facilities. To the extent that our existing capital and borrowing capabilities are insufficient to meet these requirements and cover any losses, we will need to raise additional funds through debt or equity financings, including offerings of our common shares, securities convertible into our common shares, or rights to acquire our common shares, or curtail our growth and reduce our assets or restructure arrangements with existing security holders. Any equity or debt financing, or additional borrowings, if available at all, may be on terms that are not favorable to us. Equity financings could result in dilution to our shareholders, as described further below, and the securities issued in future financings may have rights, preferences and privileges that are senior to those of our common shares. If our need for capital arises because of significant losses, the occurrence of these losses may make it more difficult for us to raise the necessary capital. If we cannot raise funds on acceptable terms if and when needed, we may not be able to take advantage of future opportunities, grow our business or respond to competitive pressures or unanticipated requirements. Future issuances of our common shares could dilute our shareholders’ interests in our company. We may, from time to time, issue additional common shares to support our growth strategy, reduce debt or provide us with capital for other purposes that our Board of Directors believes to be in our best interest. To the extent that an existing shareholder does not purchase additional shares that we issue, that shareholder’s interest in our company will be diluted, which means that its percentage of ownership in our company will be reduced. Following such a reduction, that shareholder’s common shares would represent a smaller percentage of the vote in our Board of Directors’ elections and other shareholder decisions. Volatility in the market price and trading volume of our common shares could adversely impact the trading price of our common shares. The stock market in recent years has experienced significant price and volume fluctuations that have often been unrelated or disproportionate to the operating performance of companies like us. These broad market factors may materially reduce the market price of our common shares, regardless of our operating performance. The market price of our common shares, which has experienced significant price fluctuations in the past twelve months, could continue to fluctuate significantly for many reasons, including in response to the risks described herein or for reasons unrelated to our operations, such as reports by industry analysts, investor perceptions or negative announcements by our competitors or suppliers regarding their own performance, as well as industry conditions and general financial, economic and political instability. Classified Board of Directors. Our Board of Directors is divided into three classes serving staggered, three-year terms. This classified board provision could discourage a third party from making a tender offer for our shares or attempting to obtain control of us. It could also delay shareholders who do not agree with the policies of our Board of Directors from removing a majority of our Board of Directors for up to two years. We are incorporated in Bermuda and it may not be possible for our investors to enforce U.S. judgments against us. We are incorporated in Bermuda and substantially all of our assets are located outside the United States. In addition, one of our directors is a non-resident of the United States, and all or a substantial portion of such director’s assets are located outside the 58 United States. As a result, it may be difficult or impossible for U.S. investors to serve process within the United States, upon us or our directors and executive officers, or to enforce a judgment against us for civil liabilities in United States courts. In addition, you should not assume that courts in the countries in which we are incorporated or where our assets are located would enforce judgments of United States courts obtained in actions against us based upon the civil liability provisions of applicable United States federal and state securities laws or would enforce, in original actions, liabilities against us based on those laws. Because we are a foreign corporation, you may not have the same rights that a shareholder in a U.S. corporation may have. We are a Bermuda exempted company. Our memorandum of association and bye-laws and the Companies Act, 1981 of Bermuda, or the Companies Act, govern our affairs. The Companies Act does not as clearly establish your rights and the fiduciary responsibilities of our directors as do statutes and judicial precedent in some United States jurisdictions. Therefore, you may have more difficulty in protecting your interests as a shareholder in the face of actions by the management, directors or controlling shareholders than would shareholders of a corporation incorporated in a United States jurisdiction. There is a statutory remedy under Section 111 of the Companies Act which provides that a shareholder may seek redress in the courts as long as such shareholder can establish that our affairs are being conducted, or have been conducted, in a manner oppressive or prejudicial to the interests of some part of the shareholders, including such shareholder. However, you may not have the same rights that a shareholder in a United States corporation may have. ITEM 1B. UNRESOLVED STAFF COMMENTS Not applicable. ITEM 1C. CYBERSECURITY Our Board of Directors oversees our risk management process, including risks from cybersecurity threats. Our Board of Directors reviews strategic risk exposure, and members of our management are responsible for addressing the material risks we face on a day-to-day basis. Our Board of Directors administers its cybersecurity risk oversight function directly as a whole as well as through our Audit Committee. Our Board and our Audit Committee receive updates from time to time from our management as appropriate on cybersecurity. Our Chief Financial Officer and our Information Technology department are primarily responsible to assess and manage material risks from cybersecurity threats and oversee key cybersecurity policies and processes. They are informed about policies and processes to monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our Global IT Director has 20 years of experience in the design, implementation, and support of information technology infrastructures . Network and information systems and other technologies play an important role in our business activities. We also obtain certain confidential, proprietary and personal information about our charterers, personnel, and vendors. To protect our data, we have employed cybersecurity protocols which are designed to work in tandem with internal controls to safeguard our information technology environment. Our information technology infrastructure is designed with commercial flexibility, data integrity, and safety in mind. We utilize a layered approach of systems and policies intended to provide a secure operating environment and promote business continuity. Our hardware and software systems are equipped with technology intended to offer access and intrusion protection, software and communications systems protections, and mitigate cybersecurity threats. We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes. We routinely assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information maintained in them. We utilize industry standard software packages such as RSA and Cisco Firepower to secure our networks. We conduct regular risk assessments to identify cybersecurity threats. These risk assessments include identifying reasonably foreseeable potential internal and external risks, the likelihood of occurrence and any potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, controls, and other safeguards in place to manage such risks. As part of our risk management process, we may engage third party experts to help identify and assess risks from cybersecurity threats. 59 For example, we perform penetration tests, data recovery testing, security audits and risk assessments throughout the year. We hold online cybersecurity training for our employees. Our risk management process also encompasses cybersecurity risks associated with our use of third-party service providers . Following these risk assessments, we design, implement, and maintain safeguards intended to minimize the identified risks; address any identified gaps in existing safeguards; update existing safeguards as necessary; and monitor the effectiveness of our safeguards. While we develop and maintain protocols, controls, and systems, that seek to prevent cybersecurity incidents from occurring, we must constantly monitor and update these protocols, controls, and systems in the face of sophisticated and rapidly evolving attempts to overcome them. The occurrence of cybersecurity incidents could cause a variety of material adverse impacts on our business, although no such incident has had any such impact to date. F or additional information regarding whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, please refer to Item 1A, “Risk Factors,” in this report, including the risk factor entitled “Security breaches and other disruptions to our information technology infrastructure could interfere with our operations and expose us to liability.” and Item 1, “Business - Environmental and Other Regulations - Safety Management System Requirements” in this report.
ITEM 1C. CYBERSECURITY Our Board of Directors oversees our risk management process, including risks from cybersecurity threats. Our Board of Directors reviews strategic risk exposure, and members of our management are responsible for addressing the material risks we face on a day-to-day basis. Our Board of Directors administers its cybersecurity risk oversight function directly as a whole as well as through our Audit Committee. Our Board and our Audit Committee receive updates from time to time from our management as appropriate on cybersecurity. Our Chief Financial Officer and our Information Technology department are primarily responsible to assess and manage material risks from cybersecurity threats and oversee key cybersecurity policies and processes. They are informed about policies and processes to monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our Global IT Director has 20 years of experience in the design, implementation, and support of information technology infrastructures . Network and information systems and other technologies play an important role in our business activities. We also obtain certain confidential, proprietary and personal information about our charterers, personnel, and vendors. To protect our data, we have employed cybersecurity protocols which are designed to work in tandem with internal controls to safeguard our information technology environment. Our information technology infrastructure is designed with commercial flexibility, data integrity, and safety in mind. We utilize a layered approach of systems and policies intended to provide a secure operating environment and promote business continuity. Our hardware and software systems are equipped with technology intended to offer access and intrusion protection, software and communications systems protections, and mitigate cybersecurity threats. We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes. We routinely assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information maintained in them. We utilize industry standard software packages such as RSA and Cisco Firepower to secure our networks. We conduct regular risk assessments to identify cybersecurity threats. These risk assessments include identifying reasonably foreseeable potential internal and external risks, the likelihood of occurrence and any potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, controls, and other safeguards in place to manage such risks. As part of our risk management process, we may engage third party experts to help identify and assess risks from cybersecurity threats. 59 For example, we perform penetration tests, data recovery testing, security audits and risk assessments throughout the year. We hold online cybersecurity training for our employees. Our risk management process also encompasses cybersecurity risks associated with our use of third-party service providers . Following these risk assessments, we design, implement, and maintain safeguards intended to minimize the identified risks; address any identified gaps in existing safeguards; update existing safeguards as necessary; and monitor the effectiveness of our safeguards. While we develop and maintain protocols, controls, and systems, that seek to prevent cybersecurity incidents from occurring, we must constantly monitor and update these protocols, controls, and systems in the face of sophisticated and rapidly evolving attempts to overcome them. The occurrence of cybersecurity incidents could cause a variety of material adverse impacts on our business, although no such incident has had any such impact to date. F or additional information regarding whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, please refer to Item 1A, “Risk Factors,” in this report, including the risk factor entitled “Security breaches and other disruptions to our information technology infrastructure could interfere with our operations and expose us to liability.” and Item 1, “Business - Environmental and Other Regulations - Safety Management System Requirements” in this report.

Company Information