KEWAUNEE SCIENTIFIC CORP /DE/ 10-K Cybersecurity GRC - 2024-06-28

Page last updated on July 16, 2024

KEWAUNEE SCIENTIFIC CORP /DE/ reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-06-28 11:47:17 EDT.

Filings

10-K filed on 2024-06-28

KEWAUNEE SCIENTIFIC CORP /DE/ filed a 10-K at 2024-06-28 11:47:17 EDT
Accession Number: 0000055529-24-000021

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy The Company’s cybersecurity risk management program is integrated into the overall risk management framework, including risk identification, assessment, and mitigation across all business areas. We have collaborated with external consultants and built a cybersecurity program designed to protect and safeguard the integrity of our information systems, which aligns with industry best practices and regulatory requirements. Our cybersecurity program includes systems and processes for assessing, identifying, and managing material risks from cybersecurity threats and include maintenance and monitoring of information security policies aligned with information technology controls, information systems configuration management and infrastructure security systems. We also have implemented processes to oversee and identify such risks from cybersecurity threats associated with the use of third-party service providers. We conduct periodic testing of these controls and systems, including vulnerability scanning and penetration testing. We strive to foster a shared responsibility for the Company’s cybersecurity with all of our employees, conducting periodic phishing simulation campaigns and providing regular, mandatory cybersecurity training. Additionally, we maintain cyber insurance coverage, including protection against social engineering fraud, to further mitigate potential financial losses from cybersecurity incidents. We currently do not believe that any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations or financial conditions. While we do not believe that any such risks have yet to materially affect the Company, the Company cannot guarantee that its ongoing and robust approach towards cybersecurity will be able to prevent all cybersecurity incidents that could have a material effect on the Company in the future. See Item 1A , Risk Factors , for more information on our cybersecurity-related risks. Governance On behalf of the Board of Directors, the Audit Committee provides oversight of the Company’s management of cybersecurity risk. They periodically review and discuss with management, including the Company’s Vice President of Information Technology and Engineering, the Company’s significant financial risk exposures for matters related to cybersecurity risk, including the steps management has taken to monitor and manage such exposures. The Board of Directors also receives prompt and timely information regarding any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding any such incident until it has been addressed. The Company’s Vice President of Information Technology and Engineering leads the overall cybersecurity strategy and risk management program. This includes overseeing risk assessments, developing security policies and procedures, and managing the IT security team. See Item 10 , Directors, Executive Officers and Corporate Governance , for more detail on his education and experience. Senior executives, including the Company’s CEO and CFO, integrate cybersecurity risks into the overall business strategy and financial planning.

Company Information