TWFG, Inc. 10-K Cybersecurity GRC - 2025-03-27

Page last updated on March 27, 2025

TWFG, Inc. reported its cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-27 15:36:37 EDT.

Filings

10-K filed on 2025-03-27

TWFG, Inc. filed a 10-K at 2025-03-27 15:36:37 EDT
Accession Number: 0001628280-25-015138

Item 1C. Cybersecurity.

Cybersecurity risk management and strategy

At TWFG, cybersecurity risk management is an important part of our overall enterprise risk management program. Our cybersecurity risk management program provides a framework for handling cybersecurity threats and incidents and involves coordination across different departments of our Company. The framework is informed in part by the National Institute of Standards and Technology (NIST) Cybersecurity Framework, although this does not imply that we meet all technical standards, specifications or requirements under the NIST. This framework includes assessing the severity of cybersecurity threats, identifying the sources of cybersecurity threats including whether the cybersecurity threats are associated with third-party service providers, implementing cybersecurity mitigation strategies and informing management and our board of directors of material cybersecurity threats and incidents.

Our vendor management process may include reviewing the cybersecurity practices of third-party providers, contractually imposing obligations on the provider, conducting security assessments, and conducting periodic reassessment during their engagement.

We have a cybersecurity incident response plan and dedicated teams to respond to cybersecurity incidents, and we conduct an annual tabletop exercise to test our incident preparedness and response process. Our cybersecurity team also engages our third-party Security Operations Center and IT advisors for security risk assessments and security management. In addition, we provide security awareness training to help our employees understand their information protection and cybersecurity responsibilities.

Cybersecurity Governance

The Audit Committee of our board of directors is responsible for board-level oversight and management of our cybersecurity risks.

In addition to this board-level oversight, our Information Technology Governance Committee (“ITGC”), a management committee, is responsible for overseeing and managing our cybersecurity risks. The ITGC includes our Chief Operating Officer, General Counsel and senior management in the technology teams, and is supported by our third-party Chief Information Security Officer (“CISO”) and Security Operations Center provider. Our CISO has over twenty years of experience in managing cybersecurity risks, disaster recovery, and business continuity and is a Certified Information Systems Security Professional (CISSP) and Master Business Continuity Professional (MBCP).

The ITGC is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to monitor such potential cybersecurity risk exposures, implementing appropriate mitigation measures and maintaining cybersecurity policies. The ITGC takes steps to remain informed about and monitor efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including third-party consultants engaged by us; and alerts and reports produced by security tools deployed in our IT environment. The ITGC conducts regular meetings throughout the year, and reports on cybersecurity risks at the quarterly meetings of the Audit Committee. Based on these reports, the board of directors may request follow-up information to address any specific concerns and recommendations.

As of the date of this Annual Report, we are not aware of any cybersecurity threats or incidents that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition.

Despite our efforts, we cannot eliminate all risks from cybersecurity threats, guarantee that cyber-related risk will not be material in the future, or provide assurances that we have not experienced an undetected cybersecurity incident. For more information about these risks, please see “Risk Factors-Risks relating to intellectual property and cybersecurity-Improper disclosure of confidential, personal or proprietary data, whether due to human error, misuse of information by employees or vendors, or as a result of security breaches, cyberattacks or other similar incidents with respect to our or our vendors’ systems, could result in regulatory scrutiny, legal liability or reputational harm, and could have an adverse effect on our business or operations” in this Annual Report.


Company Information

Name: TWFG, Inc.
CIK: 0002007596
SIC Description: Insurance Agents, Brokers & Service
Ticker: TWFG - Nasdaq
Website
Category
Emerging growth company
Fiscal Year End: December 30