INSTEEL INDUSTRIES INC 10-K Cybersecurity GRC - 2024-10-24

Page last updated on October 24, 2024

INSTEEL INDUSTRIES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-10-24 12:18:57 EDT.

Filings

10-K filed on 2024-10-24

INSTEEL INDUSTRIES INC filed a 10-K at 2024-10-24 12:18:57 EDT
Accession Number: 0001437749-24-031988

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy As a component of and integrated into our overall risk management strategy and system, we maintain a cybersecurity risk management program designed to assess, identify, manage and protect our information systems and data from unauthorized access, use, disclosure, disruption, modification or destruction. Our program is based on applicable industry frameworks and standards, including those provided by the National Institute of Standards and Technology, and is comprised of core functions to identify, protect, detect, respond to and recover from cybersecurity threats and events. We constantly monitor cybersecurity threats and test the performance and effectiveness of our cybersecurity program, with the assistance of third-party experts, on an annual and ongoing basis. We recognize the risks associated with the use of vendors, service providers and other third parties that provide information system services to us, process information on our behalf, or have access to our information systems, and the Company has processes in place to oversee and manage these risks. We conduct thorough security assessments of these third-party engagements and maintain ongoing monitoring to ensure compliance with our cybersecurity standards. This monitoring includes both annual and ongoing assessments. As described in “Item 1A. Risk Factors” in this Form 10-K, we are subject to risks from cybersecurity threats that could have a material adverse impact on our business and financial results. As of the date of this report, no risks from cybersecurity threats have materially affected or are reasonably likely to materially affect our business, results of operations, financial condition and cash flows. Governance Our Information Services Department manages our cybersecurity risk management program which is overseen by the Vice President of Information Services. The Vice President of Information Services has a master’s degree in business administration with a focus on technology and has decades of professional experience in cybersecurity threat assessments and detection, applicable technologies, incident response and employee training. Our Information Services Department includes a team of experienced professionals who have developed an Incident Response Policy that is regularly reviewed and updated. The Incident Response Policy establishes the required steps to assess, respond to and limit the impact of an incident, details tactical and strategic team membership and points of contact related to the response process and provides for escalating notifications to senior executives, including the Chairman of the Board and Chief Executive Officer depending on the severity of the threat. The Board of Directors, having ultimate oversight of the company’s cybersecurity risk, receives annual and periodic updates on the cybersecurity program, including those related to material risks and incidents, from the Vice President of Information Services and participates in discussions regarding cybersecurity risks. Cybersecurity information provided to the Board comprises a broad range of topics including, but not limited to, emerging cybersecurity threats, ongoing cybersecurity initiatives, incident reports and compliance with regulatory requirements, industry standards and relevant benchmarking. In addition to Board oversight, we provide mandatory quarterly employee training on how to identify, assess and manage risks from cybersecurity threats.

Company Information