ENERGIZER HOLDINGS, INC. 10-K Cybersecurity GRC - 2024-11-19

Page last updated on November 19, 2024

ENERGIZER HOLDINGS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-11-19 14:42:30 EST.

Filings

10-K filed on 2024-11-19

ENERGIZER HOLDINGS, INC. filed a 10-K at 2024-11-19 14:42:30 EST
Accession Number: 0001632790-24-000102

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We recognize the importance of information security and we are committed to protecting and preserving the confidentiality, integrity and continued availability of the information we own or that is in our care. We have developed and implemented a cybersecurity program that strives to comply with applicable industry standards, and we assess our program against the National Institute of Standards and Technology (NIST) Cybersecurity Framework. Our enterprise risk management framework considers cybersecurity risk alongside other applicable risks as part of our overall risk assessment process. Within our comprehensive enterprise risk management framework, our cybersecurity program is led by the Company’s Vice President and Chief Information Officer (“CIO”) and is overseen by the Company’s Executive Vice President and Chief Financial Officer (“CFO”). The program includes the following processes, activities and resources to identify, assess, manage, and mitigate our cybersecurity threats: - An IT security team responsible for managing our cybersecurity risk, assessment processes, security controls, and responses for security breaches and cyberattacks; - A cyber incident response plan that provides controls and procedures for responding to cybersecurity incidents and for timely and accurate reporting of any material cybersecurity incident; - The use of external service providers, where appropriate, to assess, perform tabletop exercises, or otherwise assist with aspects of our security controls designed to anticipate cyberattacks and respond to breaches. Procedures include annual internal vulnerability scans and external penetration tests; - Annual cybersecurity training for all employees to provide a better understanding of the issues and risks related to cybersecurity. We realize that cybersecurity is not just the job of the IT security team; the Company and all employees play a critical role in managing the risk; - Periodic phishing testing and other exercises performed by our IT department to test our systems and reinforce the training provided to all colleagues to ensure our employees remain vigilant and compliant with expectations; - Easy-to-use tools to report potential phishing emails; and - A third-party cybersecurity risk management process for service providers, suppliers, and vendors performed throughout the year. We have not identified any risks from known cybersecurity threats, including any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. For a discussion on the Company’s cybersecurity related risks, see “Risk Factors - We rely significantly on information technology and any inadequacy, interruption, theft or loss of data, malicious attack, integration failure, failure to maintain the security, confidentiality or privacy of sensitive data residing on our systems or other security failure of that technology could harm our ability to effectively operate our business and damage the reputation of our brands” and “Risk Factors - Our business is subject to increasing government regulations in both the U.S. and abroad that could impose material costs” and other risk factors contained in Part 1, Item 1A of this Annual Report on Form 10-K. Cybersecurity Governance The Audit Committee of our Board of Directors is tasked with providing oversight of cybersecurity risk. The Audit Committee receives regular briefings from the CIO regarding the Company’s cybersecurity program, cyber threats, and the results of exercises and response readiness assessments performed by outside advisors that assess our cybersecurity program and internal response preparedness, and to receive periodic briefings on cyber threats and our cybersecurity program. The full Board meets with the CIO at least annually to review the Company’s cybersecurity program. Our CIO is responsible for assessing and managing our material risks from cybersecurity threats. The IT security team is led by our CIO, who has significant experience across information security, infrastructure, operations and compliance. The team has 24 ENERGIZER HOLDINGS, INC. CONSOLIDATED STATEMENTS OF CASH FLOWS primary responsibility for our overall cybersecurity risk management program and oversees both our internal cybersecurity personnel and our retained external cybersecurity consultants. Members of our executive leadership team, including our CFO and General Counsel, as well as the other members as needed, supervise efforts to identify, assess, manage and mitigate cybersecurity risks and incidents through various means, including briefings from internal personnel and other information obtained from governmental, public, or private sources, including external consultants engaged by us.

Company Information