Gen Digital Inc. 10-K Cybersecurity GRC - 2024-05-15

Page last updated on July 16, 2024

Gen Digital Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-05-15 19:45:16 EDT.

Filings

10-K filed on 2024-05-15

Gen Digital Inc. filed a 10-K at 2024-05-15 19:45:16 EDT
Accession Number: 0000849399-24-000036

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity risk management and strategy We maintain a cybersecurity program designed to protect our systems and data from information security risks, including regular oversight of our programs for security monitoring. Gen has a process for identifying and assessing material risks from cybersecurity threats on a regular basis that operates alongside our broader overall risk assessment process, covering all identified enterprise wide risks. Cybersecurity risk is reviewed quarterly with management and with the board of directors. In addition, we regularly perform evaluations (including independent third-party evaluations) of our security program and our information technology infrastructure and information security management systems. Our processes also address risk and identification of cybersecurity threat risks from our use of third-party service providers. This involves, among other things, conducting pre-engagement risk-based diligence, reviewing security and controls reports, implementing contractual security and notification provisions, and ongoing monitoring as needed. Our information security management system is based upon industry frameworks. Our Chief Information Security Officer (CISO) leads our cybersecurity program, which includes the implementation of controls designed to align with these industry frameworks and applicable statutes and regulations. Our CISO has over 30 years of prior work experience in various roles involving managing information security programs, developing cybersecurity strategy, implementing effective information and cybersecurity initiatives and has been the Head of IT Audit, CISO and CIO at three other companies prior to Gen Digital. He has a Bachelor of Science in Computer Information Systems. We have implemented security monitoring capabilities designed to alert us to suspicious activity and developed an incident response program that includes periodic testing and is designed to restore business operations quickly. In addition, employees participate in mandatory annual training and receive communications regarding the cybersecurity environment to increase awareness throughout the company. We also implemented an enhanced annual training program for specific specialized employee populations, including secure coding training. Governance The Technology and Cybersecurity Committee of the Board has direct oversight to the Company’s (1) technology strategy, initiatives, and investments and (2) key cybersecurity information technology risks against both internal and external threats. The Technology and Cybersecurity Committee is comprised entirely of independent directors, all of whom have experience related to information security issues or oversight and meets and reports to the Board on a quarterly basis. The Audit Committee, which is also comprised entirely of independent directors, considers cybersecurity information technology risks in connection with overseeing our enterprise risk management system, and reports to the Board on enterprise risk management matters on a quarterly basis. We have processes in place for management to report security instances to the Technology and Cybersecurity Committee and Audit Committee as they occur, if material, and to provide a summary multiple times per year of other incidents to the Technology and Cybersecurity Committee. Additionally, our CISO attends each Technology and Cybersecurity Committee meeting and meets regularly with the Board of Directors or the Audit Committee of the Board of Directors to brief them on technology and information security matters. We carry insurance that provides protection against some of the potential losses arising from a cybersecurity incident. In the last fiscal three years, we have not experienced any material information security breach incidences and the expenses we have incurred from information security breach incidences were immaterial. This includes penalties and settlements, of which there were none. We describe whether and how risks from identified cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, under the heading " Our solutions, systems, websites and the data on these sources have been in the past and may continue to be subject to cybersecurity events that could materially harm our reputation and future sales. " included as part of “Risk Factors” in Item 1A of this Annual Report on Form 10-K, which disclosures are incorporated by reference herein.

Company Information