AVIAT NETWORKS, INC. 10-K Cybersecurity GRC - 2024-10-04

Page last updated on October 4, 2024

AVIAT NETWORKS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-10-04 16:10:43 EDT.

Filings

10-K filed on 2024-10-04

AVIAT NETWORKS, INC. filed a 10-K at 2024-10-04 16:10:43 EDT
Accession Number: 0001377789-24-000043

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity At Aviat, cybersecurity processes, controls and technologies have been implemented to help facilitate the Company’s efforts to identify, assess and manage material risks associated with cybersecurity threats. Risk Management and Strategy The Company has sought to leverage the National Institute of Standards and Technology Cybersecurity Framework (the “NIST CSF”) as a guideline for its cybersecurity framework and to help identify, assess and manage cybersecurity risks related to its business. The Company regularly engages third party experts, including cybersecurity assessors, consultants and auditors to evaluate and test our cybersecurity risk management systems and processes. The Company’s partnership with these third-parties include regular audits and threat assessments. The Company requires all of its third-party information technology vendors to undergo evaluations by the Company’s internal data privacy and data security team as a part of efforts to assess, document and mitigate potential cybersecurity threats associated with the use of such vendors and the software, applications and services they provide. In addition, we undertake ongoing cyber risk assessments as part of our efforts to detect, evaluate and respond to potential cybersecurity threats, including regular testing by our internal information security team. We require all employees and contractors to participate in cybersecurity training designed to enhance their understanding of cyber threats and their ability to identify and escalate potential incidents. Our vulnerability management program is designed to identify, assess, and remediate cybersecurity threats in our systems, such as through penetration testing. Incident Reporting If cybersecurity incidents occur, certain of the Company’s executive leadership team, legal counsel, and Audit Committee would be briefed and a determination would be made as to whether such incident or vulnerability is deemed material to the Company. The Company’s incident response plan is tested annually to assess its operational effectiveness. We conduct an annual “tabletop” exercise during which we simulate cybersecurity incidents to help us prepare to respond to a cybersecurity incident and to identify areas for potential improvement. As of the date of this Annual Report on Form 10-K, the Company does not believe it has encountered, and has not identified any risks from cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company. However, we acknowledge that cybersecurity threats are continually evolving, and the possibility of future cybersecurity incidents remains. Despite the implementation of our cybersecurity processes, our security measures cannot guarantee that a significant cyberattack will not occur. A successful attack on our information technology systems could have significant consequences to the business. See “Item 1A, Risk Factors,” for additional information about the risks to our business associated with a breach or compromise to our information technology systems. Governance Aviat’s Board of Directors has oversight of the Company’s cybersecurity risk as a component of its risk management. This includes prioritization of cybersecurity risks and the allocation of resources. The Board of Directors receives regular updates on the Company’s cybersecurity program. The Board of Directors have delegated its responsibility for risk management oversight to the Audit Committee, which regularly reviews Aviat’s cybersecurity program with the Company’s management. The Company’s management, including its Senior Director of Information Technology, Chief Financial Officer, and General Counsel, provide the Board of Directors updates regarding current and emerging cybersecurity threats, status of ongoing cybersecurity initiatives, certain incident reports and events, remediation efforts, and compliance with regulatory and industry standards. The Company’s Senior Director of Information Technology is primarily responsible for assessing and managing our material risks from cybersecurity threats, monitoring the effectiveness of our cybersecurity detection and response processes in countering current threats and providing updates to the executive team. 33

Company Information