PHIBRO ANIMAL HEALTH CORP 10-K Cybersecurity GRC - 2024-08-28

Page last updated on August 28, 2024

PHIBRO ANIMAL HEALTH CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-08-28 16:42:36 EDT.

Filings

10-K filed on 2024-08-28

PHIBRO ANIMAL HEALTH CORP filed a 10-K at 2024-08-28 16:42:36 EDT
Accession Number: 0001558370-24-012517

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy As a leading global diversified animal health and mineral nutrition company, we are increasingly reliant on information technology systems and infrastructure to conduct critical operations and generally operate our business, which includes using information technology systems to process, transmit and store electronic information, including customer, employee and company data. The use of information technology systems makes us vulnerable to breaches of data security and cybersecurity attacks. For information on the potential risks related to cybersecurity, see “Item 1A. Risk Factors - Risk Factors Relating to Our Business - We may be subject to information technology system failures, network disruptions and breaches in data security.” Although the aggregate impact on our operations and financial condition has not been material to date, the Company has been the target of cybersecurity attacks and expects them to continue as such attacks are becoming more sophisticated and frequent, and the techniques used in such attacks change rapidly. Any such future incidents could have a material impact on our business. Our information security team, headed by our Director of IT Cyber Security and Compliance, who reports to our Chief Information Officer (“CIO”), monitors our technology systems to prevent, detect, mitigate and remediate any cybersecurity incidents. Our enterprise-wide cybersecurity program is aligned with the U.S. National Institute of Standards Technology Cybersecurity Framework and the Israel National Cyber Directorate, and we are members of the New Jersey Cybersecurity and Communications Integration Cell. This collaboration enables us to increase our cybersecurity knowledge, threat awareness, and awareness of cyber incidents within the industry. It also helps us take proactive measures to prevent incidents by defining attack group identifiers and implementing learning and improvement processes. We use tools and techniques to continually assess, monitor, manage, and mitigate security risks to our technology systems. Our processes extend to third-party service providers, who have access to data on our systems. We engage a third party to perform an independent assessment of our cybersecurity penetration test and risk assessment program at least once every two years. Our preventive and protected stratagem include the following: ● Security Operations Center (SOC) and Managed Detection and Response (MDR) services to ensure continuous monitoring and response to potential threats. ● A cyber training and awareness process based on an annual work plan, which includes monthly training, bi-weekly simulations, an interactive magazine sent once a month to all users and a cyber incident simulation for the infrastructure team. The contents are based on relevant market trends. In cybersecurity or privacy incidents, the probable frequency and magnitude of loss are evaluated by the triage team. The incidents are categorized as either high- or low-level severity and communicated to the CIO and Chief Executive Officer and the Senior Vice President, General Counsel and Corporate Secretary (“Legal Counsel”), at which time a determination is made on any additional communication requirements. Our Board of Directors is notified of high-level severity incidents. Our approach to incidents generally includes a process of investigation, learning, and subsequent improvement. In addition, we believe cyber insurance is a key mechanism for supporting and managing critical cyber incidents. Aligning the policy involves a thorough review of our protection layers and processes. Governance Our information technology systems are managed by our CIO. He has over 45 years of experience in digital systems and technology in the animal health, bio-tech pharmaceutical, pharmaceutical and oil and gas industries. He has held multiple leadership roles driving business value for investments in digital solutions. He also spent six years as a leader within internal auditing, providing experience and wisdom in business-driven risk management. The CIO provides periodic reports to the Board of Directors and the executive management team, including our Legal Counsel. These reports include updates on our cybersecurity risks and threats, assessments of our information security program, and any changes in the threat landscape. Our information technology systems are regularly evaluated by internal and external consultants with the results of the review reported to the executive management team and the Board of Directors.

Company Information