COTY INC. 10-K Cybersecurity GRC - 2024-08-20

Page last updated on August 22, 2024

COTY INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-08-20 16:40:47 EDT.

Filings

10-K filed on 2024-08-20

COTY INC. filed a 10-K at 2024-08-20 16:40:47 EDT
Accession Number: 0001024305-24-000035

Item 1C. Cybersecurity.

Risk management and strategy

We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. We continuously assess and strategically invest to improve the resiliency of our information security systems in a dynamic cybersecurity landscape. Our assurance practices are based on internationally recognized standards as implemented by our Global Information Security Team, which is responsible for managing our Security Operations Center.

Our cybersecurity risk management program includes protocols for preventing, detecting and responding to cybersecurity incidents, and cross-functional coordination and governance of business continuity and disaster recovery plans. In addition to assessing our own cybersecurity preparedness, we also consider and evaluate cybersecurity risks associated with our third-party service providers and vendors. We engage internal and external assessors, consultants, auditors, and other third-party experts, to identify opportunities for improvements to our cybersecurity risk management program.

The Global Information Security Team has implemented processes to manage and report various security threats, including escalation procedures based on the nature and severity of the incident including, where appropriate, escalation to our Cybersecurity Special Committee, Audit and Finance Committee (“AFC”) and Board of Directors. We conduct cybersecurity incident simulations on a regular basis, including involvement of the Cybersecurity Special Committee, along with various tabletop exercises designed to test our incident response procedures, identify gaps and improvement opportunities and exercise team preparedness.

Cybersecurity training and safety are fundamental pillars to our overarching global information security strategy. The Global Information Security Team periodically shares security tips and best practices for all employees to raise awareness around digital security and routinely conducts phishing simulations and testing scenarios to complement required employee trainings on cybersecurity fundamentals, awareness, common threats and data loss prevention.

As of the date of this report, we have not identified cybersecurity threats that have materially affected or are reasonably likely to materially affect our operations, business strategy, results of operations, or financial condition. We may face risks from cybersecurity threats that, if realized, are reasonably likely to materially affect our operations, business strategy, results of operations, or financial condition. See “Risk factors related to our information technology and cybersecurity systems” included as part of Item 1A. Risk Factors of this Annual Report on Form 10-K, which disclosures are incorporated by reference herein.

Governance

Management is responsible for understanding and managing the risks that we face in our business, including relating to cybersecurity, and the Board of Directors is responsible for overseeing management’s overall approach to risk management. Our Board of Directors has delegated to the AFC oversight responsibility for cybersecurity and data privacy, including periodically evaluating the Company’s cybersecurity and privacy programs and receiving information on cybersecurity and privacy compliance. The chair of the AFC reports to the full Board of Directors following its regularly scheduled meetings.

Our Board of Directors also has a dedicated Cybersecurity Special Committee that is empowered to manage the Company’s response to major cybersecurity incidents and enable the integration of crisis management and business continuity processes. The Cybersecurity Special Committee, led by our Chief Information and Business Services Officer and two Board members (including the Chair of the AFC), consists of executive members from various corporate functions, including information technology, digital operations, corporate affairs, legal, compliance, human resources and finance. Outside cybersecurity experts periodically present to the Board on topics related to information security, data privacy and cyber risks and mitigation strategies.

At the management level, our Global Information Security Team monitors alerts and informs relevant global senior management of all incidents and related mitigation and remediation, and escalates to the Cybersecurity Special Committee as needed. Global senior management monitors initiatives to prevent, detect, mitigate, and remediate cybersecurity risks and incidents.


Company Information

Name: COTY INC.
CIK: 0001024305
SIC Description: Perfumes, Cosmetics & Other Toilet Preparations
Ticker: COTY - NYSE
Website:
Category: Large accelerated filer
Fiscal Year End: June 29