KEY TRONIC CORP 10-K Cybersecurity GRC - 2024-10-15

Page last updated on October 15, 2024

KEY TRONIC CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-10-15 15:37:24 EDT.

Filings

10-K filed on 2024-10-15

KEY TRONIC CORP filed a 10-K at 2024-10-15 15:37:24 EDT
Accession Number: 0000719733-24-000113

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY Risk Management and Strategy We have developed and implemented cybersecurity processes to assess, identify and manage material risks from cybersecurity threats. These processes are based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) and are designed to protect the integrity and security of our information systems. Our cybersecurity processes are a part of our risk management system, sharing governance processes and reporting structures with other components of our enterprise-wide system. Our cybersecurity processes include security monitoring and threat hunting through a third-party managed vendor and mandatory, Company-wide employee training. Our cybersecurity processes also extend to the oversight and identification of risks associated with our vendors and customers if their computer systems interface with our information systems. Upon detection of a potentially material cybersecurity incident, such as the Previously Disclosed Cyber Incident, we activate our cyber incident procedure to investigate, contain and remediate the incident. Depending on the extent and severity of the incident, we have, and may in the future, engage third-party cybersecurity consultants to assist with our cyber incident procedure. Risks from cybersecurity threats, including as a result of the Previously Disclosed Cyber Incident, have materially affected us, including our results of operations and financial condition. We continue to face risks from this and other cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. See “Risk Factors - Technology Risks.” Governance Our Board of Directors is responsible for the oversight of risk management for the Company, including the review and assessment of the Company’s enterprise risk management approach and processes. Our Board of Directors has delegated certain responsibility for the oversight of risks from cybersecurity threats to the Audit Committee. At each regularly scheduled quarterly meeting, and more frequently as necessary, management provides updates to the Audit Committee and our Board of Directors regarding the risks from cybersecurity threats. These updates include information regarding cybersecurity strategies, management structure, mitigation activities and an analysis of any actual or potential cybersecurity incidents. 17 Our management team, including our Chief Executive Officer and Executive Vice President of Quality and Information Systems, is responsible for assessing and managing our material risks from cybersecurity threats. In particular, our EVP of Quality and Information Systems, who reports directly to our Chief Executive Officer, oversees the implementation of controls designed to prevent, detect, mitigate and recover from cybersecurity threats and cybersecurity incidents. Our current EVP of Quality and Information Systems has a Bachelor of Science degree in Mechanical Engineering and over 14 years of experience building and executing information system strategies. The other members of our management team do not have specialized information systems or cybersecurity backgrounds but have general experience managing financial, legal and operational risks. Our EVP of Quality and Information Systems, along with his team, routinely monitors the Company’s information systems for cybersecurity threats and will be notified upon the occurrence of a potential cybersecurity incident. Upon detection of a potentially material cybersecurity incident, such as the Previously Disclosed Cyber Incident, management will inform the Audit Committee and/or our Board of Directors and, if the incident is deemed material, will disclose the incident pursuant to SEC rules and regulations. 18

Company Information