LSI INDUSTRIES INC 10-K Cybersecurity GRC - 2024-09-11

Page last updated on September 11, 2024

LSI INDUSTRIES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-11 16:03:52 EDT.

Filings

10-K filed on 2024-09-11

LSI INDUSTRIES INC filed a 10-K at 2024-09-11 16:03:52 EDT
Accession Number: 0001437749-24-028964

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C - CYBERSECURITY Risk Management and Strategy We are committed to preserving the trust and confidence of our stakeholders by taking appropriate technical and organizational measures for maintaining information security and data privacy. Our cybersecurity program allows us to assess, identify and manage information security and cybersecurity threats through robust risk assessment and prevention measures to facilitate communication, training, awareness and incident response procedures. We have established policies and procedures to ensure timely and appropriate notifications to relevant parties and regulators as required for cybersecurity threats and data breaches. Our data breach response designates an incident response team comprised of senior leaders within information technology, finance and compliance functions to ensure timely diagnosis and mitigation of cyber events. The incident response team is responsible for determining whether a cybersecurity incident is material and requires current reporting pursuant to SEC Form 8-K Item 1.05 (Material Cybersecurity Incidents). In conducting the assessment, the team considers factors including, but not limited to the probability of an adverse outcome; the potential significance of loss; the nature and extent of harm to individuals, customers, and vendors; the nature and extent of harm to our competitive position or reputation; and the possibility of litigation or regulatory investigations. To ensure our cybersecurity programs adhere to industry best practices, we have adopted the National Institute of Standards and Technology (NIST) Cybersecurity Framework as a guide for our cybersecurity program. The NIST Cybersecurity Framework models the best practices for security and the capabilities needed to identify, protect, detect and respond to cybersecurity risks and events. In addition to the framework, we have a Security Action Committee comprised of the senior leaders of information technology, finance, and compliance that meets regularly to guide the evolution of our cybersecurity program, review potential incidents, and respond to trends in the cybersecurity landscape. We evaluate our physical, electronic and administrative safeguards on a continuous basis to ensure they are effectively deployed across the business. We also engage third-party services to conduct evaluations of our security controls, whether through penetration testing, independent audits or consulting on best practices to address new challenges. These evaluations include testing both the design and operational effectiveness of security controls. Despite the Company’s security measures and programs, our information technology and infrastructure are susceptible to cybersecurity incidents, intrusions and attacks, any of which could have a materially adverse effect on our business, operating margins, revenues and competitive position. See “Part I-Item 1A. Risk Factors” for further discussion of these risks. Governance Our Board of Directors is responsible for the oversight of cybersecurity risks and threats. The Board has delegated certain information security and data privacy oversight to the Audit Committee of the Board. The Audit Committee oversees compliance with information security and data privacy laws and has oversight responsibility for cybersecurity risks related to accounting, audit and financial matters. The Audit Committee and management report to the Board on a periodic basis regarding our information security and data privacy functions, including any cybersecurity threats. The Audit Committee is responsible for oversight of our cybersecurity policy, procedures and risk mitigation. Our information technology (IT) leadership briefs the Audit Committee and the Board of Directors on a periodic basis on information security matters, including the current cybersecurity landscape, progress on information security initiatives and accomplishments, and reports on material cybersecurity incidents, as needed. The Audit Committee is responsible for reviewing our disclosures on cybersecurity risk management, strategy and governance in our Annual Report on Form 10-K. The Audit Committee assists in determining materiality for timely reporting of cybersecurity incidents and is notified immediately if the incident response team has assessed that a material event may have occurred that may require filing an SEC Current Report on Form 8-K. The Chief Information Officer with the support from the Chief Executive Officer and Chief Financial Officer, assisted by our broader IT team, is responsible for setting the strategic direction and priorities for information security, coordination of enterprise-wide compliance with information security policies and procedures, as well as day-to-day information security management. Additionally, information security awareness trainings and testing are a compliance requirement for employees. 15

Company Information