Korth Direct Mortgage Inc. 10-K Cybersecurity GRC - 2025-04-01

Page last updated on April 1, 2025

Korth Direct Mortgage Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-01 13:51:28 EDT.

Filings

10-K filed on 2025-04-01

Korth Direct Mortgage Inc. filed a 10-K at 2025-04-01 13:51:28 EDT
Accession Number: 0001214659-25-005139


Item 1C. Cybersecurity.

Our business is highly dependent on information technology. In the ordinary course of our business, we store sensitive data, including our proprietary business information and that of our business partners, and non-public personally identifiable information of mortgage borrowers, on our networks. The secure maintenance, processing and transmission of this information is critical to our operations. Computer malware, viruses, ransomware and phishing attacks remain widespread and are increasingly sophisticated. We are frequently the target of attempted cyber threats, as are many other organizations within the financial servicing industry. We continuously monitor and develop our information technology networks and infrastructure to help prevent, detect, address and mitigate the risk of unauthorized access, misuse, computer viruses, and other events that could have a security impact. Despite these security measures, our information technology and infrastructure may be vulnerable to attacks by hackers or breached due to employee error, malfeasance or other disruptions. Any such breach could compromise our networks and the information stored there could be accessed, publicly disclosed, lost or stolen. Such access, disclosure or other loss of information could result in legal claims or proceedings, liability under laws that protect the privacy of personal information, regulatory penalties, disruption to our operations or trading activities or damage to our reputation, all of which could have a material adverse effect on our business, results of operations and financial condition. For additional information on these risks, see Item 1A, “Risk Factors”.

We recognize the importance of protecting our information and our information technology systems, and assessing, identifying and managing cybersecurity-related risks have been integrated into our risk management processes. We focus on information technology and cybersecurity measures at both an enterprise-wide operational level and an individual employee level. We have in place various methods and levels of information technology and cybersecurity measures which are aimed at protecting our information and information technology systems to help secure long-term value for our stockholders and other stakeholders. By way of example, these measures include the following:

1. Industry-Standard Security Frameworks: We adhere to recognized security frameworks, including the National Institute of Standards and Technology (NIST), and employ controls such as antivirus and anti-malware protections, multi-factor authentication (MFA), complex password policies, patch management, email security solutions, and firewall protections.
2. Threat Detection and Risk Management: We leverage advanced security technologies, including endpoint detection and response (EDR), security information and event management (SIEM), and vulnerability management tools to proactively identify and mitigate risks.
3. Incident Response Protocols: We maintain a formal cybersecurity incident response plan that ensures a structured and comprehensive response to security incidents. This plan involves senior executives, external legal and forensic specialists, and includes an active incident response retainer with our third-party Security Operations Center (SOC).
4. Continuous Security Assessments: We conduct regular cybersecurity audits, third-party risk assessments, penetration tests, and targeted control evaluations to identify and remediate potential vulnerabilities. Our security program is continuously monitored and assessed by an external 24/7 Security Operations Center (SOC).
5. Disaster Recovery and Data Resiliency: We have robust backup and disaster recovery processes in place to ensure business continuity in the event of a security incident or system failure.
6. Employee Awareness and Training: We implement comprehensive cybersecurity and data privacy training programs to enhance employee awareness of cyber risks and reinforce secure operational practices.

As part of our commitment to information security and data protection, we have achieved SOC 2 Type II certification in 2024. This certification, issued by an independent third-party auditor, verifies that our security controls meet the American Institute of Certified Public Accountants (AICPA) Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy. The SOC 2 Type II audit evaluates the effectiveness of our cybersecurity and IT controls over an extended period, further validating our commitment to safeguarding sensitive information and maintaining a secure operational environment.

Our executive team is responsible for overseeing matters relating to our information technology and cybersecurity risk exposures and the steps our Company takes to monitor and mitigate these risks. The executive team is briefed quarterly or as needed by senior management and the Chief Information Security Officer, or CISO, on cybersecurity matters, or more frequently as the circumstances require. Our Vice President of Technology, who serves as our CISO, oversees data privacy, information technology, and cybersecurity matters. Our CISO has extensive information technology and program management experience, has served in this role for the Company since 2022 and has supported the Company’s information security function since 2017.

To date, we believe that the risks from identified cybersecurity threats, have not materially affected and are not reasonably likely to materially affect us, including our business strategy, results of operations or financial condition.


Company Information

Name: Korth Direct Mortgage Inc.
CIK: 0001695963
SIC Description: Mortgage Bankers & Loan Correspondents
Ticker:
Website:
Category: Non-accelerated filer, Smaller reporting company, Emerging growth company
Fiscal Year End: December 30