INSPERITY, INC. 10-K Cybersecurity GRC - 2024-02-08

Page last updated on July 16, 2024

INSPERITY, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-08 20:29:01 EST.

Filings

10-K filed on 2024-02-08

INSPERITY, INC. filed a 10-K at 2024-02-08 20:29:01 EST
Accession Number: 0001000753-24-000012

Item 1C. Cybersecurity.

We recognize the critical importance of developing, implementing, and maintaining a robust cybersecurity risk management, strategy, and governance program in order to safeguard the confidentiality, integrity, and availability of our systems and information.

Board Oversight of Cybersecurity Matters

Our Board has established oversight mechanisms to help ensure effective governance in managing risks associated with cybersecurity threats.

In addition to the updates that our Board receives on cybersecurity matters, the Board’s Finance, Risk Management and Audit Committee (the “FRMA Committee”) is tasked with overseeing enterprise risk management. The FRMA Committee reviews and discusses major risk exposures with management, including cybersecurity risks, and steps management has taken to monitor and control such exposures, including our guidelines and policies concerning risk assessment and management.

Management of and Reporting on Cybersecurity Matters

Our management assumes responsibility for assessing, identifying, and managing cybersecurity risks, threats, and incidents.

In particular, our Senior Vice President of Innovative Technology Solutions (“SVP-ITS”) is responsible for our overall technology strategy, including overseeing our information security function, and plays a pivotal role in assessing and managing all cybersecurity risks, threats, and incidents. The SVP-ITS reports directly to our President and Chief Operating Officer (“President and COO”) and maintains regular dialogue with our President and COO and other key members of our senior management to ensure these individuals are appropriately apprised of our latest cybersecurity posture and developments, such as new threats, incidents, risks, and risk management solutions. Our SVP-ITS prepares reports for each regular Board meeting regarding significant developments in these topics to support the Board in its efforts to have appropriate information to exercise oversight on critical cybersecurity issues. Our current SVP-ITS has decades of experience overseeing leading systems and software development efforts with critical cybersecurity components.

The SVP-ITS is supported by dedicated information technology and security personnel and resources, including team members that have numerous cybersecurity certifications. Collectively, these personnel and resources allow us to strategically integrate cybersecurity into our broader risk management framework and decision-making process.

We also have an Enterprise Risk Management Steering Committee (the “ERM Steering Committee”), which is responsible for formally identifying and evaluating risks that may affect our ability to execute our corporate strategy and fulfill our business objectives, including cybersecurity risks. The ERM Steering Committee is chaired by the Company’s chief financial officer and includes the Company’s SVP-ITS, general counsel, internal audit director, and other members of management. The ERM Steering Committee conducts an annual comprehensive risk review of our overall risk profile and analyzes any significant identified risks, including consideration of risks relating to cybersecurity matters, which the ERM Steering Committee then presents and discusses with the FRMA Committee and the entire Board. In addition to the formal annual review, members of the ERM Steering Committee review and provide periodic updates as appropriate regarding our overall risk profile and any significant identified risks to both the FRMA Committee and the entire Board.

We have processes in place that we believe are designed to allow our information security team and management to be informed of and monitor the prevention, detection, mitigation, and remediation of cybersecurity risks. These processes include establishing a formal incident response team, penetration testing, system vulnerability scanning, phishing simulations, tabletop exercises, employee security and compliance training, disaster recovery planning, and other exercises to evaluate the effectiveness of our information security program and improve our security measures and planning.

Engagement of Third Parties on Risk Management

Recognizing the complexity and evolving nature of cybersecurity threats, we engage with a range of external experts, including cybersecurity consultants and systems auditors, in evaluating and testing our risk management systems. Our collaboration with these third parties includes regular audits, threat and vulnerability assessments, incident response plan design and testing, penetration testing, and consultation on improving our defense-in-depth security posture.

Overseeing Third-Party Risk

We have processes in place designed to help us identify and oversee cybersecurity risks associated with our use of vendors, service providers, business partners, and other third parties that process our data on our behalf or have access to our systems. These processes include a vendor management policy designed to identify and consider potential risks from third parties as part of the vendor selection process, which considers vendor cybersecurity standards and other factors based on the nature of the services that the vendor will provide.

Impact on the Company

We have experienced, and may continue to experience, cyber incidents in the normal course of our business. However, prior cybersecurity incidents have not had a material adverse effect on our business, financial condition, results of operations, or cash flows. For further discussion, see Item 1A. “Risk Factors - Disruptions of our information technology systems could damage our reputation and materially disrupt our business operations” and Item 1A. “Risk Factors - We could be subject to reduced revenues, increased costs, liability claims, or harm to our competitive position as a result of data theft, cyberattacks or other security vulnerabilities.”


Company Information

Name: INSPERITY, INC.
CIK: 0001000753
SIC Description: Services-Help Supply Services
Ticker: NSP - NYSE
Website:
Category: Large accelerated filer
Fiscal Year End: December 30