FIREFLY NEUROSCIENCE, INC. 10-K Cybersecurity GRC - 2025-04-03

Page last updated on April 4, 2025

FIREFLY NEUROSCIENCE, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-03 06:01:57 EDT.

Filings

10-K filed on 2025-04-03

FIREFLY NEUROSCIENCE, INC. filed a 10-K at 2025-04-03 06:01:57 EDT
Accession Number: 0001437749-25-010818

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. Risk Management and Strategy The Company recognizes the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. We have developed the following processes as part of our strategy for assessing, identifying, and managing material risks from cybersecurity threats. Managing Material Risks and Integrated Overall Risk Management We have integrated cybersecurity risk management into our risk management processes. This integration is intended to ensure that cybersecurity considerations are part of our decision-making processes. We continuously evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. Engaging Third Parties on Risk Management We engage a range of external experts, including consultants, auditors, and cybersecurity assessors, who assist us in evaluating and testing our cybersecurity systems and processes. These partnerships are intended to give us access to specialized knowledge and insights that can inform our cybersecurity strategies and processes, including as to industry-standard control frameworks and applicable regulations, laws, and standards. Overseeing Third-Party Risk As part of our evolving cybersecurity roadmap, we plan to implement and conduct security assessments of all third -party service providers before engagement and maintain ongoing monitoring to ensure compliance with relevant cybersecurity standards. Risks from Cybersecurity Threats We have not experienced any material cybersecurity incidents. As a result, we do not believe that risks from cybersecurity threats, have materially affected us, our results of operations and financial condition. However, as discussed under “Risk Factors” in Part I, Item 1A of this Annual Report, cybersecurity threats pose multiple and potentially material risks to us, including potentially to our results of operations and financial condition. See also “Risk Factors - Failure to protect our information technology infrastructure against cyber-based attacks, network security breaches, service interruptions, or data corruption could significantly disrupt our operations and adversely affect our business strategy and operating results.” As cybersecurity threats become more frequent, sophisticated, and coordinated, it is reasonably likely that we may expend greater resources to continue to modify and enhance protective measures against such security risks Governance Board of Directors Oversight Our board of directors oversees the management of risks associated with cybersecurity threats. Management ’ s Role Managing Risk The Company’s management is primarily responsible for assessing, monitoring and managing our cybersecurity risks. Management must ensure that all industry standard cybersecurity measures are functioning as required to prevent or detect cybersecurity threats and related risks. Management oversees and tests our compliance with standards, remediates known risks, and leads our employee training program. Monitoring Cybersecurity Incidents The Company’s management is continually informed about the latest developments in cybersecurity, including potential threats and innovative risk management techniques. Management implements and oversees processes for the regular monitoring of our information systems. This includes the deployment of industry-standard security measures and regular system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, management will implement an incident response plan. This plan includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents. Reporting to Board of Directors Significant cybersecurity matters, and strategic risk management decisions, will be escalated to the board of directors .

Company Information