PLEXUS CORP 10-K Cybersecurity GRC - 2024-11-15

Page last updated on November 15, 2024

PLEXUS CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-11-15 08:05:54 EST.

Filings

10-K filed on 2024-11-15

PLEXUS CORP filed a 10-K at 2024-11-15 08:05:54 EST
Accession Number: 0000785786-24-000074

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Information Technology & Security Risk Management Information security and data privacy risk management, including cybersecurity, is integrated into and aligns with our Enterprise Risk Management (“ERM”) processes. Our information protection and privacy program incorporates administrative, technical and physical safeguards, and incorporates various cybersecurity and internal control frameworks to protect information assets, manage data privacy and ensure compliance with laws and industry standards. We leverage the National Institute of Security and Technology (“NIST”) Cybersecurity Framework (“CSF”), among others, to provide a strategic and adaptable approach to managing evolving cyber risks. This framework assists in assessing and improving our security posture by identifying vulnerabilities and prioritizing investments or improvements. We maintain a cybersecurity incident response plan to assist in the assessment and management of cybersecurity incidents. The plan includes tactical playbooks and crisis response procedures based on incident severity and materiality impact. These crisis response procedures include escalation to the Audit Committee and the full Board of Directors, where appropriate. Our incident response plan is periodically tested through tabletop exercises, the results of which are reported to the Audit Committee. Cybersecurity Governance & Oversight Our Chief Information & Technology Officer (“CITO”), who reports directly to the President and Chief Executive Officer (“CEO”), directs our global information technology vision and long-term strategies. Under the direction of the CITO, the Director of Cybersecurity leads our enterprise-wide cybersecurity program and oversees a dedicated global cybersecurity team that monitors, assesses and mitigates material risks from various cybersecurity threats. This team leads critical efforts to drive readiness, awareness and learning across the organization, including management of a 24x7x365 Cybersecurity Operations Center for detection and response capabilities; maintaining a cybersecurity awareness learning management system; and third party assessments and audits, penetration tests and “red team” assessments to evaluate the effectiveness of cybersecurity controls and identify areas of cybersecurity risk. The Director of Cybersecurity is a seasoned cybersecurity expert with over 18 years of cybersecurity experience combined within the United States Department of Defense and Electronic Manufacturing Services industry. The Company’s Director of Cybersecurity holds industry-recognized cybersecurity certifications, a Bachelor of Science degree in Cybersecurity and a Master of Science degree in Cybersecurity Management and Policy. Our executive-level Security Steering Committee provides oversight of cybersecurity, data governance and privacy programs. This Committee is made up of select executives including the General Counsel, Chief Administrative Officer and Secretary (“CAO”); Chief Operating Officer; and CITO. The Security Steering Committee provides oversight and ensures program alignment to Plexus’ strategic goals. The committee serves to provide awareness and guidance to prioritization, organizational alignment and enablement of resources to minimize risk to Plexus’ operations, brand and reputation. The Security Steering Committee, through the Director of Cybersecurity and the CITO, reports to a broader Information Technology (“IT”) Steering Committee, which includes the President and CEO and Chief Financial Officer. On at least an annual basis, and on topical information security matters more frequently as determined by the Board of Directors or management, the Audit Committee reviews the effectiveness of IT risk governance and management, including those relating to business continuity, cybersecurity, malware, regulatory compliance and data management. These reviews also include reviewing the appropriateness of resources (people and financial) devoted to information technology requirements. The CITO and Director of Cybersecurity also brief the Audit Committee quarterly on cybersecurity matters, including specific risks, mitigation plans, risk management and governance. The Audit Committee reports to the full Board of Directors on these discussions as appropriate. Further, the Board of Directors is briefed periodically (at least annually) on our overall IT strategy, including cybersecurity, to ensure alignment with the business, review of assets and infrastructure, and trends, key risks and initiatives. Impact of Cybersecurity Threats As of the date of this report, we believe that risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not or are not reasonably likely to materially affect us, including our business strategy, results from operations, or financial condition. Despite our cybersecurity measures, there can be no assurance that we, or the third-parties we interact with, will not experience a cybersecurity incident in the future that will materially affect us. As part of our overall risk mitigation strategy, we maintain insurance coverage that is intended to address certain aspects of cybersecurity risks; however, such insurance may not be sufficient in type or amount to cover us against claims related to cybersecurity breaches, cyberattacks, and other related breaches. Refer to the discussion in “Risk Factors” in Part I, Item 1A herein for further details on cybersecurity and information technology risks that could adversely affect our business, results of operation and financial conditions.

Company Information