Worksport Ltd 10-K Cybersecurity GRC - 2025-03-27

Page last updated on March 27, 2025

Worksport Ltd reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-27 07:44:42 EDT.

Filings

10-K filed on 2025-03-27

Worksport Ltd filed a 10-K at 2025-03-27 07:44:42 EDT
Accession Number: 0001641172-25-000850

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We acknowledge the increasing importance of cybersecurity in today’s digital and interconnected world. Cybersecurity threats pose significant risks to the integrity of our systems and data, potentially impacting our business operations, financial condition and reputation. As a smaller reporting company, we currently do not have enhanced cybersecurity measures, a dedicated cybersecurity team or robust protocols in place to manage cybersecurity risks. We have not yet conducted comprehensive risk assessments, established an incident response plan or engaged with external cybersecurity consultants for assessments or services. We intend to invest more resources into improving our assessment and response to cybersecurity risk in the future. Given our current stage of cybersecurity development, we have not experienced any significant cybersecurity incidents to date. However, we recognize that the absence of a formalized cybersecurity framework may leave us vulnerable to cyberattacks, data breaches and other cybersecurity incidents. Such events could potentially lead to unauthorized access to, or disclosure of, sensitive information, disrupt our business operations, result in regulatory fines or litigation costs and negatively impact our reputation among customers and partners. In addition, cybersecurity incidents could have material adverse effects on our business strategy, financial condition, and results of operations (e.g., a significant breach could result in direct financial losses due to fraud, system downtime impacting revenue generation, increased compliance costs or contractual liabilities with third-party vendors and customers). We are in the process of evaluating our cybersecurity needs and developing appropriate measures to enhance our cybersecurity posture. This includes considering the engagement of external cybersecurity experts to advise on best practices, conducting vulnerability assessments and developing an incident response strategy. Our goal is to establish a cybersecurity framework that is commensurate with our size, complexity and the nature of our operations, thereby reducing our exposure to cybersecurity risks. 29 In addition, the Board will oversee any cybersecurity risk management framework, and the Board’s governance committee and the firm’s CEO, Steven Rossi, will review and approve any cybersecurity policies, strategies and risk management practices . The Board (or designated committee or officer) will receive periodic updates on cybersecurity risks, including emerging threats, mitigation efforts and incident response activities. The updates will be provided at least annually, or more frequently as needed, to ensure cybersecurity risks are appropriately managed and integrated into our broader risk oversight strategy. Despite our efforts to improve our cybersecurity measures, there can be no assurance that our initiatives will fully mitigate the risks posed by cyber threats. The landscape of cybersecurity risks is constantly evolving, and we will continue to assess and update our cybersecurity measures in response to emerging threats. We do, however, have cybersecurity insurance coverage in the aggregate amount of $1,000,000 per annual policy period, which covers damages from a range of potential cyber security issues including but not limited to property damage, privacy liability, privacy regulatory defense, cyber extortion, and post breach remediation. For a discussion of potential cybersecurity risks affecting us, please refer to the “Risk Factors” section.

Company Information