Seagate Technology Holdings plc 10-K Cybersecurity GRC - 2024-08-02

Page last updated on August 2, 2024

Seagate Technology Holdings plc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-08-02 16:20:12 EDT.

Filings

10-K filed on 2024-08-02

Seagate Technology Holdings plc filed a 10-K at 2024-08-02 16:20:12 EDT
Accession Number: 0001137789-24-000068

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We have implemented a cybersecurity risk management program designed to identify, assess and manage material risks from cybersecurity threats based on relevant industry standards. The cybersecurity program is reviewed at least annually by the Audit and Finance Committee (as defined below) and organizational leaders, as well as whenever there is a material change in our business practices or a change in applicable law that may reasonably affect our response procedures. In addition, we regularly assess the design and operational effectiveness of the program’s key processes and controls, including our preparedness to respond to cybersecurity incidents that may adversely affect the confidentiality, integrity or availability of our information systems or any information residing therein. Cybersecurity risk management is an important part of our overall risk management efforts. We conduct mandatory cybersecurity awareness training for all employees, regardless of level or title, each year and provide additional training for designated roles, such as incident response personnel and senior management, on a case-by-case basis. We perform enterprise and site tabletop exercises annually to test our incident response procedures, identify gaps and improvement opportunities and exercise team preparedness. Information about cybersecurity risks and our risk management processes is collected, analyzed and considered as part of our overall risk management program. We periodically engage independent security firms and other third-party experts, where appropriate, to assess, test and certify components of our cybersecurity program, and to otherwise assist with aspects of our cybersecurity processes and controls. As part of our overall risk mitigation strategy, we maintain insurance coverage that is intended to address certain aspects of cybersecurity risks, however, such insurance may not be sufficient in type or amount to cover us against claims related to security breaches and incidents, cyberattacks and other related matters. In addition, we maintain a third-party cyber risk management process for vendors including, among other things, a security assessment and contracting program for vendors based on our assessment of their risk profile and periodic monitoring regarding adherence to applicable cybersecurity standards. We require our third-party service providers and suppliers to implement and maintain appropriate security measures commensurate with their risk profile and the scope of work being performed. We reassess third-party risk profiles periodically, request changes as we deem necessary based on that review, and require all third parties to promptly report any suspected breach of their security measures that may affect us. As of the date of this report, we have not identified any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. Despite our security measures, however, we are unable to eliminate all cybersecurity threats. Accordingly, there can be no assurance that we have not experienced undetected security breaches or incidents, or that we will not experience a security breach or incident in the future. For additional information about these risks, see Part I, Item 1A, “Risk Factors” in this Annual Report on Form 10-K. Governance Our Board of Directors (the “Board”) considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit and Finance Committee of the Board (the “Audit and Finance Committee”) oversight of cybersecurity and other information technology risks, including our plans designed to mitigate cybersecurity risks and to respond to data breaches. The Audit and Finance Committee receives regular reports (at least quarterly) from our Chief Information Security Officer (“CISO”) and our Senior Vice President and Chief Information Officer (“CIO”) on cybersecurity matters. These reports include a range of topics, including, as applicable, our cybersecurity risk profile, the current cybersecurity and emerging threat landscape, the status of any ongoing cybersecurity or other enterprise security risk management initiatives, incident reports and the results of internal and external assessments of our information systems. The Audit and Finance Committee also annually reviews the adequacy and effectiveness of our information and technology security processes and the internal controls regarding information and technology security and cybersecurity, and periodically receives updates from our internal audit function on the results of our cybersecurity audits and related mitigation activities. The Audit and Finance Committee reports to the Board regarding its activities, including those related to cybersecurity. The Board also receives a briefing from management on our cyber risk management program at least annually. Board members receive presentations on cybersecurity matters from our CISO and CIO, information security team or external experts as part of the Board’s continuing education on topics that impact public companies. At the management level, our CISO leads our enterprise-wide cybersecurity program, and is responsible for assessing and managing our material risks from cybersecurity threats. In performing his role, our CISO is informed about and monitors the prevention, detection, mitigation and remediation of cybersecurity risks and incidents through various means, which may include, among other things, briefings with internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, and alerts and reports produced by security tools deployed in our IT environment. Our CISO reports to our CIO who, in turn, reports directly to our CFO. Our CISO is an experienced cybersecurity executive with more than 20 years of experience building and leading cybersecurity, risk management, and information technology teams.

Company Information