INTELLIGENT PROTECTION MANAGEMENT CORP. 10-K Cybersecurity GRC - 2025-03-24

Page last updated on March 24, 2025

INTELLIGENT PROTECTION MANAGEMENT CORP. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-24 16:15:22 EDT.

Filings

10-K filed on 2025-03-24

INTELLIGENT PROTECTION MANAGEMENT CORP. filed a 10-K at 2025-03-24 16:15:22 EDT
Accession Number: 0001013762-25-001600

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Overview At IPM, cybersecurity is at the core of our business operations and an integral part of our commitment to delivering secure, compliant, and resilient technology solutions to customers operating in highly regulated industries. Prior to the Transactions, the Company employed a comprehensive strategy with respect to cybersecurity, which was supported by both management and our Board. Historically, our Board was responsible for overseeing our risk management activities in general, and certain of our Board committees assisted the Board in the role of risk oversight. The operations team prior to the Transactions conducted manual and automated testing of our systems, with the goal of identifying vulnerabilities and proactively strengthening our defenses. Following the Transactions, in order to support our comprehensive range of IT-related services and digital infrastructure, we have embraced a multi-layered defense approach, which helps us recognize and address the dynamic nature of cyber threats. By integrating diverse security measures, we aim to fortify our infrastructure against a spectrum of potential risks and adapt to the ever-evolving cybersecurity landscape. Our cybersecurity strategy is proactively designed to protect our digital infrastructure, customer environments, and business continuity. This approach is supported by our management and Board, with structured oversight to ensure compliance with evolving regulatory, risk, and industry best practices. Proactive Security Measures and Threat Management We employ a multi-layered defense strategy, leveraging advanced threat intelligence, automation, and security analytics to proactively detect, prevent, and respond to cyber threats. Our core security practices include: ● continuous threat monitoring and response utilizing real-time security operations centers and next-generation endpoint detection and response to rapidly identify and neutralize threats; ● regular vulnerability assessments and penetration testing conducted through automated and manual assessments with prioritized remediation workflows to enhance security across infrastructure, applications, and client environments; ● zero trust security architecture, which implements strict identity verification, least privilege access and network segmentation to reduce attack surfaces and prevent lateral movement of threats; and ● partnerships with leading cybersecurity firms for independent security audits, risk assessments, and compliance rev iews as described below. Recognizing that human factors play a critical role in cybersecurity, our workforce and compliance training includes comprehensive security awareness program. All employees undergo quarterly security training, covering data protection, insider threat mitigation, phishing awareness, and compliance best practices. Additionally, we implement strict enforcement of multi-factor authentication, just-in-time access controls, and continuous user behavior monitoring. 18 Incident Response and Business Continuity Our incident response framework follows a structured escalation and notification process focused on rapid containment, mitigation, and recovery from cybersecurity incidents. Key response protocols include: ● automated detection and response workflows to leverage rapid assessment detection technology to detect breaches in real time; ● escalation of critical incidents to our Chief Executive Officer, President, and Chief Operating Officer and the Board based on severity and regulatory reporting requirements; and ● secure backup and disaster recovery, which implement immutable backups, air-gapped storage, and rapid failover solutions to protect data integrity and minimize downtime in case of cyber incidents. Governance Both management and the Board are actively involved in the oversight of risks from cybersecurity threats. Our information security program is designed to ensure that management and the Board are adequately informed about, and provided with the tools necessary to monitor, (i) material risks from cybersecurity threats and (ii) our efforts related to the prevention, detection, mitigation, and remediation of cybersecurity incidents. Role of the Board Our Board oversees cybersecurity risk as part of our enterprise risk management strategy. The Board receives comprehensive cybersecurity updates from our President at least quarterly to inform our directors of evolving threats and regulatory developments. We undergo regular independent audits, cybersecurity risk assessments, and compliance reviews to validate our security posture, and our Audit Committee receives annual reports regarding our ongoing security measures. Role of Management At the management level, our Chief Information Security Officer (“CISO”) leads cybersecurity initiatives and reports regularly to the President on security posture, risk trends, and key incidents. Our President is a seasoned technology and business leader with over 20 years of experience in managed IT services and global scale multi-site private cloud datacenter operations. His background and experience provide him with expertise regarding data privacy and security, vulnerability management, security operations, and application security. In addition, our Chief Operating Officer has many years of experience with managed IT cyber application delivery. We face risks from cybersecurity threats that could have a material adverse effect on its business, financial condition, results of operations, cash flows or reputation. To date, we have not experienced any risks from cybersecurity threats that have materially affected, or are reasonably likely to materially affect, our business strategy, financial condition, results of operations, or cash flows. See " Risk Factors - Risks Related to Our Business - We could be adversely affected by information security breaches or cyber security attacks ." 19

Company Information