EZCORP INC 10-K Cybersecurity GRC - 2024-11-13

Page last updated on November 13, 2024

EZCORP INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-11-13 17:06:47 EST.

Filings

10-K filed on 2024-11-13

EZCORP INC filed a 10-K at 2024-11-13 17:06:47 EST
Accession Number: 0000876523-24-000048

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy We face various cybersecurity risks, including those related to unauthorized access to and misuse of data, system interruptions, ransomware, malicious software and other threats. Our cybersecurity program incorporates information technology, retail technology and customer products designed to mitigate cyber risks. Our security measures are customized to meet our unique business requirements and encompass firewalls, intrusion detection and prevention systems, encryption and multi-factor authentication. We also engage external experts to enhance and assess our cybersecurity measures in the form of maturity assessments, incident response, penetration testing and other advisory services. We adhere to the practices and standards outlined by the National Institute of Standards and Technology Cyber Security Framework. We employ continual monitoring of our systems and data, managed by an external detection and response firm. In the event of a cyber incident, we maintain an incident response plan coordinated across multiple departments. This strategy is designed for rapid and effective incident management to minimize operational disruption. Our response protocol includes steps for detection, containment, eradication, recovery and post-incident review, including impact on safety, data loss, operational disruption, cost and potential reputational damage. Recognizing our employees as a vital defense mechanism, we provide cybersecurity, privacy and information-handling training. Additionally, we conduct regular phishing exercises to enhance employee vigilance. Our educational programs aim to raise awareness about cyber risks and teach employees to safeguard the Company, our customers and themselves against cyber threats. These programs inform our workforce about the latest cybersecurity dangers and safe online practices, including secure access, phishing awareness, remote work security and reporting suspicious activities. Cybersecurity Governance and Oversight Our cybersecurity governance framework is structured to promote accountability and ongoing enhancement of cybersecurity measures. Management of the cybersecurity program involves cross-functional resources, our Cyber and Technology Risk Committee, an internal multi-departmental committee formed to address cyber and data privacy matters. The cybersecurity program is led by our Chief Information Security Officer (“CISO”) who reports to the Chief Legal Officer. The Internal Audit Department monitors and reviews our cybersecurity initiatives. The Board of Directors is responsible for overseeing and monitoring the material risks facing the Company. The Audit and Risk Committee of the Board is charged with overseeing our risk management framework, including cybersecurity risks. The CISO reports directly to the Audit and Risk Committee on cybersecurity risks on a quarterly basis. To date, we have not identified any cybersecurity threats or incidents that have had or are likely to have a material impact on our business, financial condition or results of operations. Nonetheless, the escalation of cybersecurity threats poses a risk to our systems, networks and products and services, which, despite our efforts to mitigate these risks, may not protect against all incidents. For a detailed discussion on how cybersecurity risks could materially impact our business, see “Part I, Item 1A - Risk Factors.”

Company Information