Marblegate Capital Corp 10-K Cybersecurity GRC - 2025-04-07

Page last updated on April 8, 2025

Marblegate Capital Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-07 16:31:58 EDT.

Filings

10-K filed on 2025-04-07

Marblegate Capital Corp filed a 10-K at 2025-04-07 16:31:58 EDT
Accession Number: 0001193125-25-074703

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. Risk Management & Strategy We have processes for assessing, identifying, managing, mitigating, and responding to cybersecurity risks, which are built into our information technology (" IT “) function and included in our overall risk management system and processes and are designed to help protect our information assets and operations from internal and external cyber threats, protect employee and customer information from unauthorized access or attack, as well as secure our networks and systems. The underlying processes and controls of our cyber risk management program incorporate best practices and standards for cybersecurity and IT. These standards leverage a thorough set of guidelines and best practices to help establish a strong cybersecurity posture, which include physical, procedural and technical safeguards, response plans, and routine review of our policies and procedures to identify risks and refine our practices. We have an annual assessment performed by a third-party specialist of the cyber risk management program, who has relevant expertise to manage cybersecurity risks. The annual risk assessment identifies, quantifies, and categorizes material cyber risks. In addition, we, in conjunction with third-party cyber risk management specialists, develop a Risk Mitigation Plan to mitigate such risks, and where necessary, remediate potential vulnerabilities identified through the assessment process. Cybersecurity partners, including assessors, consultants, advisors, auditors, and other third-party service providers, are a key part of our cybersecurity risk management strategy and infrastructure. We partner with industry recognized cybersecurity providers leveraging third-party technology and expertise and engage with these partners to monitor and maintain the performance and effectiveness of IT assets, data and services. The cybersecurity partners provide services including, but not limited to configuration management, penetration testing, network protection and monitoring, remote monitoring and management, user activity monitoring, data backups management, infrastructure maintenance, cybersecurity strategy, and cyber risk advisory, assessment, and remediation. Our cybersecurity program includes an incident response plan that includes relevant and critical members of management and third-party service providers alike. The team is responsible for assessing and managing cybersecurity incident response processes, response times, and communication plans in the event corrective actions and mitigation procedures are required to isolate and eradicate an incident. We engage certain external parties, including a full-service managed IT service provider, to enhance our cybersecurity oversight. In an effort to deter and detect cyber threats, we annually provide all employees with cybersecurity and prevention training, which covers timely and relevant topics, including social engineering, phishing, password protection, confidential data protection, and mobile security, and educates employees on the importance of reporting all incidents immediately. We also use technology-based tools to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs. Governance & Oversight Our Audit Committee of the Board of Directors (the " Audit Committee “) is responsible for overseeing cybersecurity risk and periodically updates our board of directors on such matters. The Audit Committee receives periodic updates from management regarding cybersecurity matters and is notified between such updates regarding any significant new cybersecurity threats or incidents. We do not believe that there are currently any known risks from cybersecurity threats that are reasonably likely to materially affect us or our business strategy, results of operations or financial condition. Management is responsible for the operational oversight of company-wide cybersecurity strategy, policy, and standards across relevant departments to assess and help prepare us to address cybersecurity risks. Our Audit Committee oversees our cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks, including oversight of third-party service providers with access to confidential or private information relating to our business. The cybersecurity stakeholders, including member(s) of management assigned with cybersecurity oversight responsibility and/or third-party consultants providing cyber risk services brief the Audit Committee on cyber threats and vulnerabilities identified through the risk management process, the effectiveness of our cyber risk management program, and the emerging threat landscape and new cyber risks. This includes necessary updates on our processes to prevent, detect, and mitigate cybersecurity incidents. We face risks from cybersecurity threats that could have a material adverse effect on our business, financial condition, results of operations, cash flows or reputation. We acknowledge that the risk of a cyber incident is prevalent in the current threat landscape and that a future cyber incident may occur in the normal course of our business. However, prior cybersecurity incidents have not had a material adverse effect on our business, financial condition, results of operations, or cash flows. We proactively seek to detect and investigate unauthorized attempts and attacks against our IT assets, data, and services, and to prevent their occurrence and recurrence where practical through changes or updates to our internal processes and tools and changes or updates to our service delivery; however, potential vulnerabilities to known or unknown threats will remain. Further, there is increasing regulation regarding responses to cybersecurity incidents, including reporting to regulators, investors, and additional stakeholders, which could subject us to additional liability and reputational harm. In response to such risks, we have implemented initiatives such as the cybersecurity risk assessment process and maintain an incident response plan. See Item 1A. “Risk Factors” for more information on our cybersecurity risks.

Company Information