Mentor Capital, Inc. 10-K Cybersecurity GRC - 2025-03-31

Page last updated on March 31, 2025

Mentor Capital, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-31 14:51:03 EDT.

Filings

10-K filed on 2025-03-31

Mentor Capital, Inc. filed a 10-K at 2025-03-31 14:51:03 EDT
Accession Number: 0001641172-25-001620

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. We have no t experienced a material cybersecurity incident that has jeopardized the confidentiality, integrity, or availability of information systems or information residing in such information systems as defined under 17 C.F.R. § 229.106(a). If such an incident were to occur, we would work expeditiously to mitigate our damages as soon as such an incident is detected by implementing our risk management and cybersecurity plan in concert with our established cybersecurity response team. A cybersecurity incident would be reported to the Company’s Chairman of the Board and our general counsel, who would determine whether such incident or event was material. If such an incident or event is material, it would be reported to our Board of Directors and Audit Committee and the material aspects of the incident would be reported on Form 8-K. The Company maintains cybersecurity risk management, disaster readiness, and business continuity protocols to anticipate potential threats and mitigate the probability of cybersecurity risks by establishing alerts, preemptive measures, and cybersecurity responses. We have set up information technology risk management alert programs that are routinely received and reviewed by management and our information technology professionals. We have implemented protocols and procedures to protect the privacy, safety, and security of our data and information technology. We routinely assess our cybersecurity risk while working in consultation with our information technology professionals. In addition to alerts, our information technology professionals provide risk management monitoring and support along with twenty-four-hour dedicated support for the Company. They possess expertise across multiple industries, including support of Department of Defense contractors in the United States. The Company does no t share confidential information with outside third parties unless required by law or necessary for compliance purposes. In such instances, the Company utilizes encryption methods to protect confidential information. The Company ensures that such information is given to such third parties in a responsible manner that would not disclose such confidential information to unintended recipients. Due to the nature of the Company’s operations, the instance of the Company’s receipt of confidential information is minimal, infrequent, and immaterial. Our cybersecurity disaster readiness protocols are implemented and managed by our assistant corporate secretary, who reports to the Chairman of the Board of Directors. Management oversees our cybersecurity risk and our disaster recovery and business continuity plan in order to consider, mitigate, and plan for the preemption of cybersecurity risks that may arise. Our assistant corporate secretary was formerly responsible for information technology, risk management, and cybersecurity at an Am Law 100 law firm . She authored and implemented the firm’s disaster readiness and business continuity protocols and managed the firm’s information technology operations prior to implementation of these similar risk management protocols at the Company in consultation with information technology cybersecurity experts for the purpose of mitigating the Company’s risk and ensuring best practices. Our assistant corporate secretary is responsible for reporting known risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, to the Chairman of the Board and our general counsel for consideration. 12 The Company’s business strategy, results of operations, and financial condition have no t been materially affected by risks from cybersecurity threats, and we have not experienced any material cybersecurity incidents. Our ability to manage our cybersecurity risks does not allow us to predict our cybersecurity vulnerability to ordinary, novel, or sophisticated cyber-attacks and cyber warfare threats in the future. As a result, we cannot provide future assurances that we will not be materially affected by cybersecurity risks or material cybersecurity incidents in the future. For more information on the risks that the Company faces, including cybersecurity-related risks, see our Item 1A Risk Factors section of this Annual Report on Form 10-K.

Company Information