QUAKER CHEMICAL CORP 10-K Cybersecurity GRC - 2024-02-29

Page last updated on July 16, 2024

QUAKER CHEMICAL CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-29 17:01:41 EST.

Filings

10-K filed on 2024-02-29

QUAKER CHEMICAL CORP filed a 10-K at 2024-02-29 17:01:41 EST
Accession Number: 0000081362-24-000020

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. The Company is subject to various cybersecurity risks that could adversely affect our business, financial condition, and results of operations, including intellectual property theft; fraud; extortion; harm to employees or customers; violation of privacy laws and other litigation and legal risk; and reputational risk. Refer to the “Risk Factors” section, which appears in Item 1A of this Report for more information regarding these risks. As of the date of this report, we are not aware of any risks from cybersecurity incidents that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition, individually or in the aggregate. Governance The Board, primarily through the Audit Committee, oversees management’s approach to managing cybersecurity risks. Management provides cybersecurity updates to the Audit Committee, at least quarterly, and material cybersecurity incidents are reported to the Board. Quaker Houghton has a dedicated Global Cyber Security team led by the Director, Global Security that is responsible for identifying, assessing, monitoring, managing and communicating the Company’s cybersecurity risks. Collectively this team has decades of dedicated cybersecurity experience with personnel experienced and certified in various disciplines, including data privacy, enterprise risk management, cloud security and ethical hacking. The Global Cyber Security team reports to the Chief Digital Information Officer (“CDIO”), who in turn reports to the Chief Executive Officer (“CEO”). Refer to the “Information about our Executive Officers” section, which appears in Item 4(a) of this report for more information about the CDIO’s relevant professional experience and qualifications. Risk Management and Strategy Key cybersecurity risks are incorporated into our enterprise risk management framework. Our cybersecurity risk management program leverages the National Institute of Standards and Technology (“NIST”) framework, which organizes cybersecurity risk management actions into five categories: identify, protect, detect, respond, and recover. The Company’s cybersecurity risk management program and strategy includes the following: - Cybersecurity Operations Centers - We, along with certain third-parties, operate several global cybersecurity operations centers, which provide 24/7 monitoring and incident response capabilities. In the event of an alert, our cybersecurity operations centers coordinates the investigation and remediation of such alerts. - Partnerships with Cybersecurity Companies - We partner with specialized cybersecurity companies and organizations, leveraging third-party technology and expertise. These partnerships help monitor and maintain the performance and effectiveness of our cybersecurity products. - Annual and Periodic Assessments by Third Parties - Our cyber risk management program undergoes periodic assessments by third parties and including annual penetration and disaster recovery tests. - Policies and Training - We maintain company-wide policies and procedures concerning cybersecurity, which are reviewed and approved by appropriate management members. All employees are required to complete cybersecurity training periodically, with additional specialized trainings for certain roles. We conduct monthly phishing simulation exercises with mandatory training on failure. - Incident Response - In case of a cybersecurity incident, we follow a documented incident response process, which outlines steps from detection to mitigation, recovery, and notification, including notifying senior leadership and the Board as appropriate based on severity. - Third-Party Service Providers - In addition to assessing our own cybersecurity preparedness, we also consider and evaluate cybersecurity risks associated with use of third-party service providers. We assess third party cybersecurity controls through a cybersecurity questionnaire and include security and privacy addendums to our contracts where applicable.


Company Information

NameQUAKER CHEMICAL CORP
CIK0000081362
SIC DescriptionMiscellaneous Products of Petroleum & Coal
TickerKWR - NYSE
Website
CategoryLarge accelerated filer
Fiscal Year EndDecember 30