|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity Risks
We rely on information technology systems and networks to process, transmit, and store electronic information in our operations, including our proprietary business information and that of our customers, suppliers, and employees. We use various information technology systems and networks to manage our operations and maintain effective internal control over financial reporting. We also collect and store sensitive data, including intellectual property, proprietary business information, and personal information of our customers, suppliers, and employees, in our data centers and on our networks. The secure operation of these information technology systems and networks, and the processing and maintenance of this information, are critical to our business operations and strategy.
Despite our security measures, our information technology systems and networks may be subject to damage, disruption, or unauthorized access due to a variety of factors, including cyberattacks by computer hackers, computer viruses, ransomware, phishing, denial-of-service attacks, physical or electronic break-ins, employee error or malfeasance, power outages, natural disasters, or other catastrophic events. Any such damage, disruption, or unauthorized access could compromise our networks and the information stored there could be accessed, publicly disclosed, lost, or stolen. Any such access, disclosure, or other loss of information could result in legal claims or proceedings, liability under laws that protect the privacy of personal information, regulatory penalties, disruption to our operations, damage to our reputation, loss of customers, potential harm to our competitive position, and additional costs to remediate the issue.
Cybersecurity Practices
We have implemented various measures to manage our risk of information technology systems and networks damage, disruption, or unauthorized access, including employee training, monitoring of our systems and networks, maintenance of backup and protective systems, and use of modern endpoint detection and response tools which are integrated into urban-gro’s risk management systems and processes. We also operate in a fully cloud-based environment, which enhances our scalability, flexibility, and resilience, and utilize third parties to perform early internal and external vulnerability assessment and risk identification. We have established extensive backup and recovery procedures to ensure the continuity of our operations in a cyber incident. We also maintain cyber liability insurance coverage as part of our comprehensive risk management program. However, these measures may not be sufficient to prevent, detect, or mitigate the impact of such damage, disruption, or unauthorized access. Moreover, the regulatory environment related to information security, data protection, and privacy is increasingly demanding and complex, and compliance with applicable laws and regulations may result in significant costs or require changes in our business practices that could adversely affect our operations.
Cybersecurity Leadership
Our Board of Directors is actively involved in overseeing our cybersecurity risk management. Our Board of Directors receives quarterly updates on our cybersecurity posture, threats, and incidents from our Senior Vice President of Technology, who now serves in a consulting role with the Company. Our Board of Directors also delegates certain oversight functions to our Audit Committee, which reviews our cybersecurity policies, procedures, controls, and audit results. Our Board of Directors and our Audit Committee regularly assess the adequacy of our cybersecurity risk management framework and the effectiveness of our mitigation strategies.
Our cybersecurity operations are led by our consulting Senior Vice President of Technology, who has over 20 years of experience in the field of cybersecurity. He is responsible for developing and implementing our cybersecurity strategy, policies, standards, and practices. He also oversees our cybersecurity team, which includes a staff member who recently completed his master’s degree in cybersecurity. Our cybersecurity team monitors, detects, responds to, and reports on cybersecurity threats and incidents, and coordinates with our internal and external stakeholders to ensure the security of our information assets.
urban-gro adheres to the NIST Cybersecurity Framework 2.0, which provides a set of standards, guidelines, and best practices to manage cybersecurity-related risks. We have developed and documented our systems disaster recovery plan, which outlines the roles, responsibilities, and procedures for restoring our critical systems and data in the event of a cyber incident. We have also crafted over 12 internal policies to help maintain a secure environment, such as our information security policy, our data classification policy, our incident response policy, and our password policy. We regularly conduct phishing simulations, vulnerability scans, penetration tests, and audits to test the effectiveness of our controls and backups, and to identify and remediate any gaps or weaknesses in our cybersecurity posture.
Cybersecurity Incidents
Despite our efforts to prevent and mitigate cybersecurity incidents, we cannot guarantee that we will not experience any breaches, disruptions, or unauthorized access to our information technology systems and networks. We have experienced, and may continue to experience, cybersecurity incidents that could have a material adverse effect on our business, financial condition, results of operations, and prospects.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
Cybersecurity Practices
We have implemented various measures to manage our risk of information technology systems and networks damage, disruption, or unauthorized access, including employee training, monitoring of our systems and networks, maintenance of backup and protective systems, and use of modern endpoint detection and response tools which are integrated into urban-gro’s risk management systems and processes. We also operate in a fully cloud-based environment, which enhances our scalability, flexibility, and resilience, and utilize third parties to perform early internal and external vulnerability assessment and risk identification. We have established extensive backup and recovery procedures to ensure the continuity of our operations in a cyber incident. We also maintain cyber liability insurance coverage as part of our comprehensive risk management program. However, these measures may not be sufficient to prevent, detect, or mitigate the impact of such damage, disruption, or unauthorized access. Moreover, the regulatory environment related to information security, data protection, and privacy is increasingly demanding and complex, and compliance with applicable laws and regulations may result in significant costs or require changes in our business practices that could adversely affect our operations.
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We have implemented various measures to manage our risk of information technology systems and networks damage, disruption, or unauthorized access, including employee training, monitoring of our systems and networks, maintenance of backup and protective systems, and use of modern endpoint detection and response tools which are integrated into urban-gro’s risk management systems and processes.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Cybersecurity Leadership
Our Board of Directors is actively involved in overseeing our cybersecurity risk management. Our Board of Directors receives quarterly updates on our cybersecurity posture, threats, and incidents from our Senior Vice President of Technology, who now serves in a consulting role with the Company. Our Board of Directors also delegates certain oversight functions to our Audit Committee, which reviews our cybersecurity policies, procedures, controls, and audit results. Our Board of Directors and our Audit Committee regularly assess the adequacy of our cybersecurity risk management framework and the effectiveness of our mitigation strategies.
Our cybersecurity operations are led by our consulting Senior Vice President of Technology, who has over 20 years of experience in the field of cybersecurity. He is responsible for developing and implementing our cybersecurity strategy, policies, standards, and practices. He also oversees our cybersecurity team, which includes a staff member who recently completed his master’s degree in cybersecurity. Our cybersecurity team monitors, detects, responds to, and reports on cybersecurity threats and incidents, and coordinates with our internal and external stakeholders to ensure the security of our information assets.
urban-gro adheres to the NIST Cybersecurity Framework 2.0, which provides a set of standards, guidelines, and best practices to manage cybersecurity-related risks. We have developed and documented our systems disaster recovery plan, which outlines the roles, responsibilities, and procedures for restoring our critical systems and data in the event of a cyber incident. We have also crafted over 12 internal policies to help maintain a secure environment, such as our information security policy, our data classification policy, our incident response policy, and our password policy. We regularly conduct phishing simulations, vulnerability scans, penetration tests, and audits to test the effectiveness of our controls and backups, and to identify and remediate any gaps or weaknesses in our cybersecurity posture.
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our Board of Directors receives quarterly updates on our cybersecurity posture, threats, and incidents from our Senior Vice President of Technology, who now serves in a consulting role with the Company. Our Board of Directors also delegates certain oversight functions to our Audit Committee, which reviews our cybersecurity policies, procedures, controls, and audit results. Our Board of Directors and our Audit Committee regularly assess the adequacy of our cybersecurity risk management framework and the effectiveness of our mitigation strategies.
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|
Cybersecurity Incidents
Despite our efforts to prevent and mitigate cybersecurity incidents, we cannot guarantee that we will not experience any breaches, disruptions, or unauthorized access to our information technology systems and networks. We have experienced, and may continue to experience, cybersecurity incidents that could have a material adverse effect on our business, financial condition, results of operations, and prospects.
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false