SANUWAVE Health, Inc. 10-K Cybersecurity GRC - 2025-03-20

Page last updated on March 20, 2025

SANUWAVE Health, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-20 16:48:22 EDT.

Filings

10-K filed on 2025-03-20

SANUWAVE Health, Inc. filed a 10-K at 2025-03-20 16:48:22 EDT
Accession Number: 0001628280-25-014141

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY Our management and Board of Directors (the “Board”) recognize the importance of maintaining the security and resiliency of our cybersecurity environment to deliver on the expectations of our customers, business partners, employees, and investors. The Board is involved in our risk management practices. Overall, the purpose of our information security program is to protect the confidentiality, integrity and availability of our systems and data, along with the safe operation of our systems. Technical safeguards We deploy technical safeguards that are designed to protect our systems from cybersecurity threats, including firewalls, anti-malware software, and authentication and authorization controls. Security awareness and training We provide ongoing security awareness and training to educate internal users on how to identify and report potential issues. Phishing emails are discussed on a regular basis with employees to ensure proper protocols are followed. We also provide periodic updates to employees on emerging cybersecurity trends and ways to protect themselves and the Company. Governance of Cybersecurity Risks The Audit Committee of the Board has the primary responsibility for oversight, review and discussion with management of the Company’s information technology, data security, business continuity, artificial intelligence and cybersecurity-related risk exposures and threats; the potential impact of those risk exposures and threats on the Company’s business, operations and reputation; and the processes management has established to assess, manage, monitor and mitigate such risk exposures and threats. The Company’s Chief Executive Officer, President, and Chief Financial Officer are responsible for assessing and managing cybersecurity risks. The Company’s management periodically reports on cybersecurity issues and presents information to our Audit Committee as well as our full Board, as appropriate, on cybersecurity matters. Upon verifying that a cybersecurity incident has occurred or is occurring, the Chief Executive Officer, President and Chief Financial Officer will promptly conduct a preliminary assessment of the severity level of the cybersecurity incident. Following this assessment, the Chief Executive Officer will determine whether to report the cybersecurity incident to the Audit Committee, who will then report such cybersecurity incident to the Board as the chair deems appropriate. Material Impact of Cybersecurity Risks We have not experienced a material information security breach incident, and we are not aware of any cybersecurity risks that are reasonably likely to materially affect our business. However, future incidents could have a material impact on our business strategy, results of operations or financial condition. For additional discussion of the risks posed by cybersecurity threats, see “Item 1A. Risk Factors- Risks to our Business- We are dependent on information technology and our systems and infrastructure face certain risks, including from cybersecurity breaches and data leakage.”

Company Information