Aureus Greenway Holdings Inc 10-K Cybersecurity GRC - 2025-03-28

Page last updated on March 28, 2025

Aureus Greenway Holdings Inc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-28 16:00:48 EDT.

Filings

10-K filed on 2025-03-28

Aureus Greenway Holdings Inc filed a 10-K at 2025-03-28 16:00:48 EDT
Accession Number: 0001641172-25-001168

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity . We believe cybersecurity risk management is an important part of its overall risk management efforts. The Company has a policy of transparency regarding our data collection, use, retention and sharing practices, and it is our commitment to implement appropriate technical security measures to protect all Company stakeholders and manage third party risk. Our operations may, in some cases, involve the storage, transmission and other processing of customer and research data or sales information. Cyberattacks and other malicious internet-based activity continue to increase, and cloud-based platform providers of services are expected to continue to be targeted. Threats include traditional computer “hackers,” malicious code (such as viruses and worms), phishing attacks, employee theft or misuse and denial-of-service attacks, and use of artificial intelligence. As of the date of this Annual Report, the Company has not encountered any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition. The Company’s strategy is to mitigate risks preventatively; however, no assurances can be provided that there will not be incidents in the future or that they will not materially affect the Company. We maintain an information security program that is comprised of policies and controls designed to mitigate cybersecurity risk. However, at any given time, we face known and unknown cybersecurity risks and threats that are not fully mitigated, and we continuously work to enhance our information security program and risk management efforts. Although risks from cybersecurity threats have to date not materially affected us, our business strategy, results of operations or financial condition, we do, from time to time, experience threats and communicate security incidents relating to our and our third party vendors’ data and information systems. For more information about these risks, please refer to the section entitled “Risk Factors” in this Annual Report. The Company is actively engaged in identifying and managing cybersecurity risks. Protecting company data, non-public customer and employee data, and the systems that collect, process, and maintain this information is deemed critical. 33 We and our customers use third-party service providers to perform a variety of functions throughout our business, including booking services through third party platforms and point of sale devices. Depending on the nature of the services provided, the sensitivity of the systems and data at issue, and the identity of the provider, customer or our vendor contracting processes may include imposing certain contractual provisions related to privacy and cybersecurity. We have integrated our assessment and management of material risks from cybersecurity threats into our overall risk management systems and processes. For example, the results of such third-party cybersecurity assessments are shared with our senior management and the board’s audit committee for review, both of which evaluate our overall enterprise risk. Cybersecurity Risk In 2018, the SEC published interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents. These SEC guidelines, and any other regulatory guidance, are in addition to notification and disclosure requirements under state and federal laws and regulations. If we fail to observe this regulatory guidance or standards, we could be subject to various regulatory sanctions, including financial penalties. State regulators have been increasingly active in implementing privacy and cybersecurity standards and regulations. Recently, several states have adopted regulations requiring certain financial institutions to implement cybersecurity programs and providing detailed requirements with respect to these programs, including data encryption requirements. Many states have also recently implemented or modified their data breach notification, information security and data privacy requirements. We expect this trend of state-level activity in those areas to continue and are continually monitoring developments where our customers are located. Risks and exposures related to cybersecurity attacks, including litigation and enforcement risks, are expected to be elevated for the foreseeable future due to the rapidly evolving nature and sophistication of these threats, as well as due to the expanding use of internet banking, mobile banking, and other technology-based services offered by us. Governance The Board, in coordination with the Audit Committee of the Board, oversees the Company’s processes for assessing and managing risk. The Board and Audit Committee may review the measures implemented by the Company to identify and mitigate data protection and cybersecurity risks. The Board’s Audit Committee is also responsible for overseeing cybersecurity risk and are informed in a timely manner of any incidents considered potentially serious, together with details on the prevention, detection, mitigation and remediation of such incidents. 34 Risks from Cybersecurity Threats As of the date of this report, we are not aware of any material risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition. However, we cannot provide assurance that we will not experience any such event in the future. For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see our risk factors under Part 1. Item 1A. Risk Factors in this Annual Report on Form 10-K.

Company Information