KULICKE & SOFFA INDUSTRIES INC 10-K Cybersecurity GRC - 2024-11-14

Page last updated on November 14, 2024

KULICKE & SOFFA INDUSTRIES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-11-14 08:57:09 EST.

Filings

10-K filed on 2024-11-14

KULICKE & SOFFA INDUSTRIES INC filed a 10-K at 2024-11-14 08:57:09 EST
Accession Number: 0000056978-24-000148

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy We rely on information systems and the data stored on them to conduct our operations. We have adopted and maintain a cybersecurity risk management program, as a subset of our broader enterprise risk management program, which is designed in accordance with our risk profile and business. Our cybersecurity risk management program has been informed by industry standards, including the National Institute of Standards and Technology Cybersecurity Framework (“NIST CSF”). Our cybersecurity risk management program incorporates multiple components, including, but not limited to, policies, guidelines, procedures, infrastructure, and systems that are designed to protect the confidentiality, integrity and availability of our critical systems and information. Elements of our cybersecurity risk management process include, but are not limited to, the following: - Annual cybersecurity risk assessments of critical infrastructure and systems; - Annual vulnerability scans and penetration testing; - Mandatory, bi-annual cybersecurity awareness training for all employees, including phishing exercises; and - An overarching written information security policy and written cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents. We leverage IT service providers to perform penetration testing and support our cybersecurity awareness training program. We oversee cybersecurity risks related to third-party IT cloud service providers who have access to our systems and data. We require certain IT cloud service providers to complete cloud-based cybersecurity assessments. We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, like other companies in our industry, we and our third-party vendors have from time to time experienced cybersecurity threats and other security incidents that have affected our information or systems. We have experienced, and expect to continue to be subject to, cybersecurity threats and incidents, ranging from employee error or misuse to individual attempts to gain unauthorized access to information systems, to sophisticated and targeted measures known as advanced persistent threats, none of which have been material to the Company to date. For additional information on certain risks associated with cybersecurity, including with respect to prior cybersecurity incidents, please refer to " We may be subject to disruptions or failures in our information technology systems and network infrastructures that could have a material adverse effect on us " in Item 1A: Risk Factors . Cybersecurity Governance Our Board of Directors (the “Board”) has delegated responsibility for enterprise risk management, including cybersecurity risk oversight, to our Audit Committee (the “Committee”). The Committee receives quarterly information security updates from our Chief Financial Officer and Vice President of Information Technology ( " VP of IT " ). The Committee in turn reports to the full Board regarding its activities, including those related to cybersecurity, on at least a bi-annual basis. The VP of IT has twenty seven years of experience in information technology, fifteen of which have involved IT leadership for various organizations. Our Director, IT Governance and Security (the “Director, IT”) reports to our VP of IT and is responsible for the day-to-day management of our cybersecurity risk management program. The Director, IT has eighteen years of experience in information technology. The Director, IT receives support from our operational team which comprises cybersecurity, IT, controllership, and legal professionals who regularly review cybersecurity matters and evaluate emerging threats, as well as act as first responders to triage any cybersecurity incidents. In the event of a cybersecurity incident, the Committee and Board receive updates from this team on an ad-hoc basis, if appropriate, under our tiered escalation support framework.

Company Information