Crown Electrokinetics Corp. 10-K Cybersecurity GRC - 2025-03-31

Page last updated on March 31, 2025

Crown Electrokinetics Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-31 17:09:28 EDT.

Filings

10-K filed on 2025-03-31

Crown Electrokinetics Corp. filed a 10-K at 2025-03-31 17:09:28 EDT
Accession Number: 0001761696-25-000006

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy As part of our enterprise risk management function, we have implemented processes to assess, identify and manage the material risks facing our company, including risks from cybersecurity threats. Our enterprise risk management function represents our overall risk management system. Our cybersecurity program is built upon recognized security frameworks. We believe that our processes provide us with a comprehensive assessment of potential cybersecurity threats. We conduct regular scans, penetration tests, and vulnerability assessments to identify any potential threats or vulnerabilities in our systems. Our processes to assess, identify and manage the material risks from cybersecurity threats include the risks arising from threats associated with third-party service providers, including cloud-based platforms. We rely heavily on our information technology (“IT”) systems across various aspects of our operations, from product development to customer relations. Given the innovative nature of our business, particularly in the realms of smart glass and fiber optics, ensuring the security, integrity, and availability of data is paramount. We operate in an environment where the protection of intellectual property and sensitive data, including proprietary technology information and customer data, is critical. We are therefore committed to a comprehensive cybersecurity strategy that encompasses not only compliance with relevant privacy laws but also proactive risk management. Our cybersecurity framework is overseen its Information Technology (“IT”) Team. The IT team is geared towards developing and refining a risk-informed decision-making process, emphasizing the early identification and mitigation of cybersecurity risks. The IT Leader leads the charge in implementing a cybersecurity risk management program, employing a mix of technological tools, rigorous processes, and external assessments to safeguard our assets. Regular training programs, including those focused on phishing and secure data handling, are mandatory for all employees, reinforcing the culture of cybersecurity awareness. Despite robust security measures, we acknowledge the possibility of cyber threats breaching its defenses. We have developed a cybersecurity incident response plan that provides a documented framework for handling cybersecurity incidents and facilitates coordination across multiple parts of the Company. This includes a structured procedure for incident detection, analysis, containment, and recovery, underscored by the IT Leader for material incident evaluation and communication. Given the integration of third-party services within our operational framework, we extend our cybersecurity vigilance to our partners and suppliers. This includes contractual safeguards and continuous monitoring to manage and mitigate risks presented by external entities. To date, we have not experienced a cybersecurity incident that has had a material impact on our business strategy, results of operations or financial condition, and we currently do not expect that the risks from cybersecurity threats are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. However, as discussed more fully under “Item 1A. Risk Factors,” cybersecurity attacks are continually evolving to become more sophisticated and, while we have invested in the protection of our data and information technology to reduce the risk of a cybersecurity incident, our efforts may not be effective in preventing breakdowns or breaches in our systems. Governance Board’s Roles and Responsibilities The governance of cybersecurity within our is structured to ensure a clear delineation of oversight responsibilities. The Board of Directors, particularly through its Audit Committee, plays a crucial role in supervising our cybersecurity posture. The Audit Committee is composed of individuals with deep expertise in risk management, finance, and technology, enabling it to provide informed oversight of cybersecurity risks. Periodic briefings that are held ensures that the Board of Directors remains actively engaged in guiding and evaluating our cybersecurity strategy. Management’s Roles and Responsibilities Operational responsibility for cybersecurity falls to the management, led by the IT department . The management team is tasked with executing our cybersecurity strategy, focusing on risk assessment, incident prevention, and response. This includes conducting vulnerability assessments, ensuring continuous monitoring, and staying updated on cybersecurity trends and threats. The Software Engineer, with extensive experience in information security, works in close coordination with other key management roles to ensure a unified approach to cybersecurity across our company. Our approach to cybersecurity is integral to its operations, reflecting a commitment to safeguarding its innovative technologies and sensitive data. Through a combination of strategic oversight by the Board of Directors and diligent execution by management, we aim to uphold the highest standards of cybersecurity resilience and integrity.

Company Information