Page last updated on July 16, 2024
QUANTUM CORP /DE/ reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-06-28 16:36:51 EDT.
Filings
10-K filed on 2024-06-28
QUANTUM CORP /DE/ filed a 10-K at 2024-06-28 16:36:51 EDT
Accession Number: 0000709283-24-000014
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. CYBERSECURITY. Risk Management and Strategy The Company recognizes the importance of being able to assess, effectively respond to and manage material cybersecurity threats and incidents that may compromise the confidentiality, integrity or availability of its information systems, data or network resources. As part of its overall enterprise risk management framework, the Company maintains both a Cyber Incident Evaluation Committee (“CIEC”) and an Incident Response Plan (“IRP”). The Company’s CIEC is managed by its Chief Information Officer (the “CIO”) whose team (the Incident Response Team, or “IRT”) is responsible for leading company-wide cybersecurity strategy, policy, standards, architecture, and processes. The purpose of the IRP is to define procedures for reporting and responding to cybersecurity incidents. It creates objectives for actionable procedures that can be measured, evaluated, scaled and revised as necessary for each specific cybersecurity incident. These objectives are designed to maximize the effectiveness of the Company’s response through an established plan of action and assigning responsibilities to appropriate personnel and/or third-party contractors. If a cybersecurity threat or incident is identified, the IRT will communicate the cybersecurity threat or incident and any damages to the CIEC. The CIEC will assess the materiality of the cybersecurity threat or incident to determine if any public disclosures are required under the SEC’s cybersecurity disclosure rule and make a recommendation to the Board. If deemed necessary, third-party consultants, legal counsel, and assessors will be engaged to evaluate the materiality assessment. The cybersecurity program of the Company interfaces with other functional areas within the Company, including but not limited to the Company’s brands and information technology, accounting, finance, legal and human resources, as well as external third-party partners, where appropriate, to assess, identify and manage potential cybersecurity threats. The Company regularly assesses and updates its processes, procedures and management techniques in light of ongoing cybersecurity developments. Recognizing the complexity and evolving nature of cybersecurity threats, the Company also engages with a range of external experts, including cybersecurity assessors and consultants in evaluating and testing its cybersecurity management systems and IRP. These partnerships enable the Company to leverage specialized knowledge and insights, to assist in updating its cybersecurity strategies and processes to align with industry best practices. The Company’s collaboration with these third parties includes consultation and review of security enhancements. To date, we have not identified risks from cybersecurity threats or incidents, including as a result of any previous cybersecurity incidents, that have materially affected the Company or are reasonably likely to materially affect our operations, business strategy, results of operations, of financial condition. However, the sophistication of and risks from cybersecurity threats and incidents continues to increase, and there can be no assurance that our cybersecurity risk management program and processes, including our IRP, and other preventative actions the Company has taken and continues to take to reduce the risk of cybersecurity threats and incidents and protect its systems and information, will be fully implemented, complied with or successful in protecting against all cybersecurity threats and incidents. For more information on how cybersecurity risk could materially affect the Company’s business strategy, results of operations, or financial condition, please refer to “Item 1A Risk Factors-Risks Related to our Business and Industry-A cybersecurity breach could adversely affect our ability to conduct our business, harm our reputation, expose us to significant liability or otherwise damage our financial results.” Governance Our Board considers cybersecurity risk as part of its risk oversight function. The Board oversees management’s implementation of our cybersecurity risk management program. The Board receives regular reports from the CIEC on our cybersecurity risks. In addition, CIEC updates the Board, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential. The Board also receives briefings from IRT on our cyber risk management program. Board members receive presentations on cybersecurity topics from our CIO, Table of Contents internal security staff or external experts as part of the Board’s continuing education on topics that impact public companies. The CIEC is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our CIEC’s expertise includes a combined 20 plus years of experience in managing security technologies; designing and implementing security strategies; and risk management and incident response across various industries. Our CIEC supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in the IT environment.
Company Information
Name | QUANTUM CORP /DE/ |
CIK | 0000709283 |
SIC Description | Computer Storage Devices |
Ticker | QMCO - Nasdaq |
Website | |
Category | Non-accelerated filer Smaller reporting company |
Fiscal Year End | March 30 |