WESTWATER RESOURCES, INC. 10-K Cybersecurity GRC - 2025-03-20

Page last updated on March 20, 2025

WESTWATER RESOURCES, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-20 16:30:47 EDT.

Filings

10-K filed on 2025-03-20

WESTWATER RESOURCES, INC. filed a 10-K at 2025-03-20 16:30:47 EDT
Accession Number: 0001558370-25-003382

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY The Company recognizes the importance of maintaining the trust and confidence of our employees, counterparties and customers. Our management is actively involved in oversight of our risk management efforts including cybersecurity. Our policies, standards, and procedures for identifying and managing material risks from cybersecurity threats are integrated into our overall risk management system. RISK MANAGEMENT AND STRATEGY The Company stores and transmits data including sensitive and nonpublic data regarding our company, employees, counterparties and customers, among others. It is critical that we do so in a secure manner to maintain the confidentiality and integrity of such confidential information. We have established physical, electronic, and organizational measures to safeguard and secure our systems to prevent a data compromise, and rely on commercially available systems, software, tools, and monitoring to provide security for our information technology systems and the processing, transmission and storage of digital information. Like many companies, we are the subject of attempts by unauthorized actors to disrupt our operations, access our data, or otherwise cause damage to our technology infrastructure, including through the use of phishing, malware and other attack vectors. The risk of a security breach or disruption, particularly through cyber-attacks or cyber-intrusion, including by computer hackers, foreign governments, and cyber-terrorists, has generally increased as the number, intensity and sophistication of attempted attacks and intrusions from around the world have increased. In addition, the prevalent use of mobile devices that access confidential information increases the risk of data security breaches, which could lead to the loss of confidential information or other intellectual property. The costs to us to mitigate network security problems, bugs, viruses, worms, malicious software programs and security vulnerabilities could be significant, and while we have implemented security measures to protect our data security and information technology systems, our efforts to address these problems may not be successful, and these problems could result in unexpected interruptions, delays, cessation of service and other harm to our business and our competitive position. If such an event were to occur and cause interruptions in our operations, it could result in a material disruption of our product development programs. In addition, we are subject to cybersecurity risk in connection with vendors we utilize. For example, a weakness in vendor systems or software products that we use in the operation of our business may provide a mechanism for a cyber threat actor to access the Company’s systems or information through trusted paths. Recent global supply chain security incidents such as compromises of reputable software update services are illustrative of this type of occurrence. To date, Westwater has not been materially affected by cybersecurity incidents . In light of the nature of the data at risk and the cyber-related threats faced by the Company, the Company employs an agency-wide cybersecurity detection, protection and prevention program for the protection of the Company’s operations and assets. This program includes cybersecurity protocols and controls, network protection, system monitoring and detection processes, a vendor risk management process, and regular cybersecurity and privacy training for employees. However, cybersecurity is an evolving landscape, and we are constantly learning from our own experiences as well as the experiences of others, and there can be no assurance that our processes and procedures will be successful in preventing all cybersecurity incidents. GOVERNANCE The Company’s Board of Directors is responsible for the oversight of risks related to cybersecurity threats. Management communicates with the Board of Directors on a regular basis regarding cybersecurity efforts through risk reporting and the development and testing of procedures and exercises for responding to both internal and external cyber threats. The Company’s Information Technology department , which is headed by the Company’s Information Technology Manager , who maintains a current CompTIA Security+ Continuing Education (CE) Certification and has over 20 years of experience in information security . The Information Technology department is responsible for the Company’s information technology program, including addressing cybersecurity risks, and utilizes specialized vendors to enhance the program. The Information Technology department assesses the effectiveness of its cybersecurity efforts through ongoing monitoring. There are no risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that the Company believes have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition.

Company Information