|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
SPAR Group Inc. recognizes the increased global cybersecurity threats and sophisticated, targeted computer crime and the risk it poses to our operations. We rely on information technology and data to operate our business and develop, market and deliver our products and services to our customers.
Our cybersecurity risk management program is led by our Chief Information Officer (“CIO”), who is directly responsible for establishing cybersecurity strategies and structures and managing ongoing cybersecurity risk management activities. Our CIO is part of the executive management team, and updates our CEO and executive management on a monthly, or even more frequent basis, on cybersecurity enhancement and the development and implementation of our roadmap.
We have strategically embedded cybersecurity risk management within an enterprise-wide framework, ensuring that it permeates across various facets of our operations. This integrated approach encompasses administrative protocols, operational strategies, organizational structures, physical safeguards, and technical measures, all tailored to align with the scope and nature of our business.
Cybersecurity Risk Management and Strategy
We believe this integrated approach allows cybersecurity considerations to be an integral part of our decision-making processes. Our day-to-day cybersecurity work is led by our CIO and Head of Infrastructure. Both are highly experienced professionals. This group works closely with our executive management to continuously evaluate and address cybersecurity risks in alignment with our business and operational needs.
Cybersecurity risks related to our business, technical operations, privacy and compliance issues are identified and addressed through a combination of-party assessments, internal audit, IT security, governance, risk and compliance reviews. To defend, detect and respond to cybersecurity incidents, we, among other things:
As noted, to operate our business, we utilize certain third-party service providers to perform a variety of functions and provide certain security-related services, such as outsourced business critical functions, professional services, SaaS platforms, managed services, cloud-based infrastructure, data center facilities, content delivery to customers, encryption and authentication technology, corporate productivity services, and other functions; as well asparties that assist us to identify, assess and manage cybersecurity risks, including professional services firms, threat intelligence service providers, cybersecurity software providers, penetration testing firms and other vendors that help to identify, assess or manage cybersecurity risks.
In addition, we have implemented an incident response and breach management plan which has four overarching and interconnected stages:
The plan also provides the process and workflow of communication for escalation of incidents to executive leadership to determine incident classification, impact severity, and if and what further actions are warranted. Incident responses are overseen by leaders from our Software, Infrastructure Engineering, and Executive team.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We have strategically embedded cybersecurity risk management within an enterprise-wide framework, ensuring that it permeates across various facets of our operations. This integrated approach encompasses administrative protocols, operational strategies, organizational structures, physical safeguards, and technical measures, all tailored to align with the scope and nature of our business.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|During the last fiscal year, 2024, the Company did not encounter any material cybersecurity incidents, nor did it incur any notable expenses as a result.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Cybersecurity Governance
Cybersecurity holds a significant role within our risk management procedures and remains a focal point for our Board and management. Under the Board's oversight of general risk identification and management activities, the Audit Committee monitors cybersecurity risks. Committee members engage in comprehensive discussions with management regarding these risks, as well as the measures taken to safeguard the company's information systems and security, along with reviewing management's steps towards data privacy protection. Additionally, the Audit Committee receives annual cybersecurity updates from senior management, covering both existing and emerging risks, management's responses and mitigation efforts, any cybersecurity or data privacy incidents, and the status of key information security initiatives. Furthermore, our Board members regularly hold informal discussions with management about cybersecurity news events and any updates to our cybersecurity risk management and strategy programs.
The leadership of our cybersecurity risk management and strategy is guided by experts from our Software, Infrastructure Engineering, and Executive teams. With backgrounds spanning: information technology, security, systems, programming, and corporate strategy, these individuals are equipped to oversee prevention, detection, mitigation, and remediation of cybersecurity incidents. They actively engage in managing our cybersecurity risk processes, including executing our incident response plan, and regularly report relevant matters to the executive management and the Audit Committee.
We carry insurance that provides protection against the potential losses arising from a cybersecurity incident. However, there is no assurance that our insurance coverage will cover, or be sufficient to cover, all losses or claims that may result from a cybersecurity incident.
Last year
During the last fiscal year, 2024, the Company did not encounter any material cybersecurity incidents, nor did it incur any notable expenses as a result.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Cybersecurity holds a significant role within our risk management procedures and remains a focal point for our Board and management. Under the Board's oversight of general risk identification and management activities, the Audit Committee monitors cybersecurity risks. Committee members engage in comprehensive discussions with management regarding these risks, as well as the measures taken to safeguard the company's information systems and security, along with reviewing management's steps towards data privacy protection. Additionally, the Audit Committee receives annual cybersecurity updates from senior management, covering both existing and emerging risks, management's responses and mitigation efforts, any cybersecurity or data privacy incidents, and the status of key information security initiatives. Furthermore, our Board members regularly hold informal discussions with management about cybersecurity news events and any updates to our cybersecurity risk management and strategy programs.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|The leadership of our cybersecurity risk management and strategy is guided by experts from our Software, Infrastructure Engineering, and Executive teams. With backgrounds spanning: information technology, security, systems, programming, and corporate strategy, these individuals are equipped to oversee prevention, detection, mitigation, and remediation of cybersecurity incidents. They actively engage in managing our cybersecurity risk processes, including executing our incident response plan, and regularly report relevant matters to the executive management and the Audit Committee.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef