Page last updated on July 16, 2024
W.W. GRAINGER, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-22 16:42:01 EST.
Filings
10-K filed on 2024-02-22
W.W. GRAINGER, INC. filed a 10-K at 2024-02-22 16:42:01 EST
Accession Number: 0000277135-24-000011
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C: Cybersecurity Risk Management and Strategy Grainger has a cybersecurity team that works to prevent, detect, and respond to cybersecurity threats. The team has implemented processes designed to assess, identify and manage material risks and vulnerabilities to the Company’s security posture, including prioritizing and remediating such risks. The team also works to assess and manage cybersecurity risks by: (i) reviewing cyber risks with senior management, including the Senior Vice President and Chief Technology Officer (CTO); (ii) incorporating cybersecurity in its enterprise risk processes; (iii) establishing regular reviews of cybersecurity risks and mitigation efforts, including with the Audit Committee and the Board; and (iv) using third parties as needed for reviews and testing. Grainger regularly identifies its enterprise risks. Grainger’s cybersecurity team reviews and updates its information security strategy and plans to align cybersecurity prioritization with the identified top enterprise risks. Grainger has developed a cybersecurity risk intake process to facilitate the identification of cybersecurity risks, including those related to third-party vendors. Identified risks are tracked by management, and incorporated into mitigation plans. The management team engaged in the cybersecurity risk management process, including the CTO, has risk management backgrounds, certifications, and/or cyber experience in prior professional roles and at Grainger. The team maintains expertise on cyber risk management through third-party consultants, external trainings, and affiliations with relevant organizations. Grainger has been subject to unauthorized access of systems on which certain supplier, customer, and team member information was stored, which have been deemed immaterial to our business and operations individually and in the aggregate. Grainger, or third-party service providers engaged by Grainger, may be subject to other unauthorized access of information systems in the future. There can be no assurance that any future unauthorized access to or breach of these information systems will not be material to Grainger’s business, operations or financial condition. See Part I, Item 1A: Risk Factors of this Form 10-K. Governance The Audit Committee assists the Board in its oversight of the Company’s Enterprise Risk Management (ERM) program and processes, including with respect to cybersecurity. Both the Board and the Audit Committee regularly review the Company’s risk assessment and management processes and policies and receive regular updates from the Company’s management team members who are responsible for the effectiveness of the Company’s ERM program. As part of its ERM oversight, the Board oversees and regularly reviews the Company’s programs and processes for cybersecurity risks, including the Company’s framework for preventing, detecting, and addressing cybersecurity incidents and identifying emerging risks both broadly and within related industries. The Company’s CTO routinely provides cybersecurity updates to the Audit Committee and information to the Board. The CTO leads an information security team that works to facilitate the protection of the Company’s information and computing assets. 21
Company Information
Name | W.W. GRAINGER, INC. |
CIK | 0000277135 |
SIC Description | Wholesale-Durable Goods |
Ticker | GWW - NYSE |
Website | |
Category | Large accelerated filer |
Fiscal Year End | December 30 |