WEIS MARKETS INC 10-K Cybersecurity GRC - 2024-02-28

Page last updated on July 16, 2024

WEIS MARKETS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 15:55:23 EST.

Filings

10-K filed on 2024-02-28

WEIS MARKETS INC filed a 10-K at 2024-02-28 15:55:23 EST
Accession Number: 0000105418-24-000015

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1c. Cybersecurity: Risk Management and Strategy The Company utilizes information systems to support a variety of business processes and activities in its operations. These systems may be subject to cyber-based attacks or breaches. Some examples of the cybersecurity threats that could negatively impact the Company are credit card skimmers, denial of service attacks, excessive port scans, firewall breach and computer virus outbreak. Cybersecurity risk management is part of Management’s annual risk assessment program. In order to manage the risks associated with cybersecurity threats, the Company maintains a risk-based cybersecurity program consisting of processes, technologies, and controls to assess, identify and manage material risks from cybersecurity threats. While the Company’s information systems are exposed to cybersecurity threats and risks, the Company has not experienced any material cybersecurity incidents affecting its business strategy, results of operations, or financial condition, and any costs or operational impacts related to cybersecurity incidents were immaterial during the period presented. For additional information related to the risks associated with cybersecurity threats, refer to the Information Security, Cybersecurity and Data Privacy Risks section of Item 1a. Risk Factors. Governance Board of Directors Oversight The Company’s Board of Directors is responsible for providing oversight and strategic guidance to management to support the long-term interests of the Company’s shareholders. The Audit Committee is the lead committee of the Board of Directors responsible for oversight of the Company’s risk-based cybersecurity program and bears the primary responsibility for this aspect of the business. As part of this responsibility, the Audit Committee of the Board of Directors annually reviews the Company’s Information Security Incident Response Plan. On a quarterly basis cybersecurity incidents are summarized and reported to the Audit Committee of the Board of Directors which cover any identified cybersecurity incidents, results of third-party vulnerability testing, and key developments in policies. WEIS MARKETS, INC. Item 1c. Cybersecurity: (continued) Management’s Role Managing Risk The Company’s cybersecurity risk management is part of the Company’s Information Security Office, led by the Chief Information Officer. In order to manage the risks associated with cybersecurity threats, the Company has implemented an Information Security Incident Response Plan. The Company engages with a range of third-party experts, including cybersecurity assessors, consultants, and auditors in evaluating and testing its risk management systems. These relationships enable Management to leverage specialized knowledge and insights with respect to the Company’s cybersecurity strategies and processes. The Company’s Information Security Incident Response Plan includes detailed processes and controls related to cybersecurity awareness training for employees, phishing simulations, backup and recovery, response planning, vulnerability management and endpoint protection as well as ongoing cybersecurity requirements for third-party service providers. The framework is regularly reviewed, assessed, and updated. This framework is designed to mitigate risks related to data breaches or other security incidents originating from third parties.
Item 1c. Cybersecurity: (continued) Management’s Role Managing Risk The Company’s cybersecurity risk management is part of the Company’s Information Security Office, led by the Chief Information Officer. In order to manage the risks associated with cybersecurity threats, the Company has implemented an Information Security Incident Response Plan. The Company engages with a range of third-party experts, including cybersecurity assessors, consultants, and auditors in evaluating and testing its risk management systems. These relationships enable Management to leverage specialized knowledge and insights with respect to the Company’s cybersecurity strategies and processes. The Company’s Information Security Incident Response Plan includes detailed processes and controls related to cybersecurity awareness training for employees, phishing simulations, backup and recovery, response planning, vulnerability management and endpoint protection as well as ongoing cybersecurity requirements for third-party service providers. The framework is regularly reviewed, assessed, and updated. This framework is designed to mitigate risks related to data breaches or other security incidents originating from third parties.


Company Information

NameWEIS MARKETS INC
CIK0000105418
SIC DescriptionRetail-Grocery Stores
TickerWMK - NYSE
Website
CategoryLarge accelerated filer
Fiscal Year EndDecember 30