Page last updated on August 9, 2024
CIMPRESS plc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-08-09 13:18:49 EDT.
Filings
10-K filed on 2024-08-09
CIMPRESS plc filed a 10-K at 2024-08-09 13:18:49 EDT
Accession Number: 0001262976-24-000064
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity We have policies, procedures, and processes for assessing, identifying, and managing cybersecurity risks, which are defined and managed by Cimpress’ central security and privacy team and are designed to help protect our information assets and operations from internal and external cyber threats and secure our networks and systems. Our cybersecurity processes include procedural and technical safeguards, response plans, regular vulnerability and penetration tests on our systems, incident simulations, and routine reviews of our policies and procedures to identify risks and improve our practices. Our cybersecurity incident response plan is designed to help coordinate our response to, and recovery from, cybersecurity incidents, and includes processes to assess the severity of, escalate, contain, investigate, and remediate incidents as well as to comply with applicable legal obligations. We have security policies that apply to all employees worldwide, and we conduct annual employee trainings on data protection, cybersecurity, and incident prevention, which covers timely and relevant topics, including social engineering, phishing, password protection, confidential data protection, asset use, and mobile security. In addition to our internal penetration testing and vulnerability management program, we engage an external party to simulate attacks on our systems to test our defenses and response. We also use a third-party vendor risk assessment platform to score vendors’ cybersecurity vulnerabilities and provide suggested mitigations. The Audit Committee of our Board of Directors oversees cybersecurity risk and receives regular updates from our Vice President and Chief Security and Privacy Officer on these risks, risk management activities, incident response plans, best practices, the effectiveness of our security measures, and other related matters. Our Vice President and Chief Security and Privacy Officer, who reports to our Chief Technology Officer, leads our central security and privacy team, which works in partnership with each of our businesses and the corporate center to measure security maturity and risk and provides managed security services in a way that allows each business to address their unique challenges and become more efficient in using their resources. We have processes and policies for the escalation of cybersecurity incidents to the central security team, evaluation of the materiality of the incidents, and coordination of our response as needed across businesses and operations. Our Chief Security and Privacy Officer has more than 20 years of privacy and data security experience, including a series of roles in Cimpress over the last 15 years, the last two and a half years of which have been spent leading the central security and privacy team. Although risks from cybersecurity threats have to date not materially affected us, our business strategy, results of operations or financial condition, we have, from time to time, experienced threats to and breaches of our and our third-party vendors’ data and systems. See Part I, Item 1A, Risk Factors, in this Annual Report for a discussion of cybersecurity risks.
Company Information
| Name | CIMPRESS plc |
| CIK | 0001262976 |
| SIC Description | Commercial Printing |
| Ticker | CMPR - Nasdaq |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | June 29 |