Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - DBMM

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

ITEM 1A. RISK FACTORS

Smaller reporting companies are not required to provide the information required by this item.

ITEM 1B. UNRESOLVED STAFF COMMENTS

None.

ITEM 1C. CYBERSECURITY

Organizations in our industry are frequently confronted with a broad range of cybersecurity threats, ranging from uncoordinated, individual attempts to gain unauthorized access to an organization’s information technology (“IT”) environment to sophisticated and targeted cyberattacks sponsored by foreign governments and criminal enterprises. Although we employ comprehensive measures to prevent, detect, address, and mitigate these threats, a cybersecurity incident could potentially result in the misappropriation, destruction, corruption, or unavailability of critical data, personal identifiable information, and other confidential or proprietary data (our own or that of third parties) and the disruption of business operations. The potential consequences of a material cybersecurity incident include remediation and restoration costs, reputational damage, litigation with third parties, and diminution in the value of our investment in research and development, which in turn could adversely affect our competitiveness and results of operations. Accordingly, cybersecurity is an important part of our Enterprise Risk Management (“ERM”) program, and the Company seeks to address cybersecurity risks through a comprehensive, cross-functional approach.

The Company’s cybersecurity policies, standards, processes, and practices for assessing, identifying, and managing material risks from cybersecurity threats and responding to cybersecurity incidents are integrated into the Company’s risk management program and are based on recognized frameworks established by the National Institute of Standards and Technology. The Company has established controls and procedures, including an Incident Response Plan, that provide for the identification, analysis, notification, escalation, communication, and remediation of data security incidents at appropriate levels so that so that decisions regarding the public disclosure and reporting of such incidents can be made by management in a timely manner. In particular, the Company’s Incident Response Plan (i) is designed to identify and detect information security threats through various mechanisms, such as through security controls and third-party disclosures, and (ii) sets forth a process to (a) analyze any such threats detected within the Company’s IT environment or within a third-party’s IT environment, (b) contain cybersecurity threats under various circumstances, and (c) better ensure the Company can recover from cybersecurity incidents to a normal state of business operations. The Company has established and maintains other incident response and recovery plans that address the Company’s response to a cybersecurity incident.

2

As part of its cybersecurity program, the Company deploys measures to deter, prevent, detect, respond to and mitigate cybersecurity threats, including firewalls, anti-malware, intrusion prevention and detection systems, identity and access controls, software patching protocols, and physical security measures. The Company periodically assesses and tests the Company’s policies, standards, processes, and practices that are designed to address cybersecurity (including artificial intelligence-related) threats and incidents, including by assessing current threat intelligence, and conducting tabletop exercises and vulnerability and security testing. The Company has a process to report material results of such testing and assessments to the board, and periodically adjusts the Company’s cybersecurity program based on these exercises. The Company engages third parties to conduct part of such testing, including hiring consultants and third parties to conduct our threat assessments and supplement the monitoring of such threats by utilizing online data tools. The Company identifies and oversees cybersecurity risks presented by third parties and their systems from a risk-based perspective. The Company also conducts cybersecurity training for employees (including mandatory training programs for system users).

Many of the Company’s IT systems operate with a hosted architecture or by third-party service providers, and if these third-party IT environments fail to operate properly, our systems could stop functioning for a period of time, which could put our users at risk. Accordingly, our ability to keep our business operating is highly dependent on the proper and efficient operation of IT service providers, and our vendor management process is an important part of our risk mitigation strategy. In particular, we obtain reports from our vendors handling sensitive data as to their efficacy and efficiency in managing cybersecurity issues and follow-up with them on any potential or actual issues. Notwithstanding, if there is a catastrophic event, such as an adverse weather condition, natural disaster, terrorist attack, security breach, or other extraordinary event, the Company, and our service providers, may be unable to provide our products or services for the duration of the event and/or a time thereafter.

Considering the pervasive and increasing threat from cyberattacks, the board and the audit committee, with input from management, assess the Company’s cybersecurity threats and the measures implemented by the Company to mitigate and prevent cyberattacks. The audit committee consults with management regarding ongoing cybersecurity initiatives, and requests management to report to the audit committee or the full board regularly on their assessment of the Company’s cybersecurity program and risks, including artificial intelligence. Both the audit committee and the full board receive regular reports from senior management on cybersecurity risks and timely reports regarding any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding any such incident until it has been addressed. Our board has risk management experience.

Recently Filed
Click on a ticker to see risk factors
Ticker * File Date
SNEX 1 day, 5 hours ago
TMRC 1 day, 5 hours ago
ALTX 1 day, 5 hours ago
DBMM 1 day, 5 hours ago
LEDS 1 day, 12 hours ago
LEXX 3 days, 2 hours ago
JJSF 3 days, 6 hours ago
UTI 3 days, 6 hours ago
IMKTA 3 days, 6 hours ago
MOG-A 3 days, 9 hours ago
LEE 3 days, 11 hours ago
CFFN 3 days, 11 hours ago
CENT 3 days, 12 hours ago
SPH 3 days, 13 hours ago
CASH 4 days, 5 hours ago
TFSL 4 days, 5 hours ago
CLFD 4 days, 5 hours ago
HZEN 4 days, 5 hours ago
GXLM 4 days, 5 hours ago
SMG 4 days, 5 hours ago
CLSK 4 days, 6 hours ago
PHCI 4 days, 6 hours ago
RJF 4 days, 6 hours ago
AVXL 4 days, 6 hours ago
MAGN 4 days, 6 hours ago
AMTM 4 days, 6 hours ago
BDX 4 days, 6 hours ago
ARMK 4 days, 6 hours ago
ARWR 4 days, 6 hours ago
EMBC 4 days, 6 hours ago
FLNC 4 days, 6 hours ago
ADI 4 days, 6 hours ago
GLDM 4 days, 7 hours ago
GLD 4 days, 7 hours ago
COR 4 days, 8 hours ago
WWD 4 days, 8 hours ago
FFIV 4 days, 9 hours ago
ROAD 5 days, 4 hours ago
BLBD 5 days, 6 hours ago
ALCO 5 days, 6 hours ago
PNNT 5 days, 6 hours ago
SYM 5 days, 6 hours ago
PFLT 5 days, 6 hours ago
OYCG 5 days, 7 hours ago
CBT 5 days, 12 hours ago
DSNY 5 days, 16 hours ago
GEOS 1 week, 1 day ago
IIIV 1 week, 1 day ago
HP 1 week, 1 day ago
PTC 1 week, 1 day ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard