PARKER HANNIFIN CORP 10-K Cybersecurity GRC - 2024-08-22

Page last updated on August 22, 2024

PARKER HANNIFIN CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-08-22 07:27:08 EDT.

Filings

10-K filed on 2024-08-22

PARKER HANNIFIN CORP filed a 10-K at 2024-08-22 07:27:08 EDT
Accession Number: 0000076334-24-000044

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity . Cybersecurity Risk Management and Strategy Parker is committed to the protection of the Company’s data, data systems and digital assets while in storage, use or transit. Our cybersecurity program is integrated into our overall Enterprise Risk Management program and exists to secure our information systems and data assets, including those data assets entrusted to us by our stakeholders, and to promote our compliance with applicable laws and regulations. We proactively work to address cybersecurity risk through our Digital & IT Risk Management Program, which focuses on identifying, assessing, responding to, monitoring and remediating cybersecurity-related risks. Parker’s dedicated Cyber Security team utilizes the National Institute of Standards and Technology (NIST) Cyber Security Framework as its primary resource for identifying areas of risk and benchmarking and implementing continuous improvements. Our technical security configuration employs a centrally managed, layered approach, including hardened PCs, endpoint security detection software, email security, firewall appliances, and various network security protections. We employ enhanced security measures for operational technologies and secure account management, including recently adding a secondary anti-malware solution to our existing software to bolster our company-wide defenses. Additionally, we utilize third-party security monitoring services to further improve our 24/7 monitoring capabilities. We also maintain a third-party risk management program designed to oversee, identify, and reduce the potential impact to Parker and our customers of a security incident at a third-party vendor, supplier or other provider. We have adopted comprehensive Information Security Policies and Standards that clearly articulate Parker’s expectations and requirements with respect to acceptable use, risk management, data privacy, education and awareness, security incident management and reporting, identity and access management, third-party management, security (with respect to physical assets, products, networks and systems), security monitoring and vulnerability identification. These policies and standards set forth a detailed security incident management and reporting protocol, with clear escalation timelines and responsibilities. We also maintain a global incident response plan and regularly conduct exercises to help with our overall preparedness. We believe cybersecurity is the responsibility of every team member and provide ongoing mandatory cybersecurity awareness training globally to help team members recognize, avoid and report malicious activity. This includes interactive training to engage team members in identifying phishing risks and their appropriate response. We also provide regular training on data protection so that our team members understand the types of data they have and how to safeguard it. Continuous improvement is a critical aspect of Parker’s cybersecurity program, which is why we integrate security intelligence from internal and external sources to help identify areas for improvement and gap remediation. As a supplement to our internal cybersecurity capabilities and controls, we partner with third-party consultants and advisors to conduct penetration testing and to assess our incident response plan. We periodically undergo a third-party risk assessment and third-party incident response adversarial engagement exercises to strengthen our security profile. We also conduct internal tabletop exercises to prepare for responding to potential cybersecurity events. Parker also maintains cyber security insurance designed to mitigate the impact of any attacks or threats to our business. As of the date of this report, we do not believe that any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition. However, as discussed more fully under Item 1A. “Risk Factors-Business and Operational Risks” of this Form 10-K, cybersecurity threats remain a risk to our business operations. Cybersecurity Governance Management is responsible for assessing and managing material risks from cybersecurity threats with leadership from the Company’s Vice President - Chief Digital and Information Officer (CDIO), who is responsible for the Company’s global Digital, Information Technology and Cyber Security organization. Our CDIO has served in various roles in information technology and information security for over 18 years with Fortune 500 companies. Our CDIO holds Bachelor of Science and Master of Science degrees in Computer Engineering. He has also completed other advanced leadership training and coursework regarding cybersecurity risk management. Our CDIO reports directly to the Chief Executive Officer. Parker’s cybersecurity program is led by our Digital & IT VP - Infrastructure and Security, who functions as our chief information security officer (CISO) and has over 23 years of experience in cybersecurity operations, cybersecurity governance and compliance, risk management, operational technology (OT) and connected products (IoT) with global Fortune 200 and Fortune 500 companies across diverse industries, such as retail, consumer goods, entertainment and manufacturing. The CISO reports to our CDIO and is supported by and receives regular updates from our dedicated Cyber Security team within our IT function, as well as our IT Risk Council, a cross-functional group that meets regularly to optimize our Digital & IT Risk Management Program and promote alignment with our Enterprise Risk Management program. Recognizing the importance of maintaining a secure environment for our products, data and systems that effectively supports our business objectives and customer needs, Parker’s full Board of Directors maintains oversight of cybersecurity. Our Board receives an in-depth report from our CDIO, at least annually, on the overall cybersecurity program, and updates throughout the year from our CDIO and CISO regarding such topics as cyber-risk management and the status of projects to strengthen cybersecurity effectiveness.

Company Information