Page last updated on December 19, 2024
HEICO CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-12-19 16:55:54 EST.
Filings
10-K filed on 2024-12-19
HEICO CORP filed a 10-K at 2024-12-19 16:55:54 EST
Accession Number: 0000046619-24-000111
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. CYBERSECURITY Overview The Company prioritizes cybersecurity as a strategic pillar integral to its business strategy, risk management, and governance frameworks. The Board of Directors and executive management play an active role in evaluating the effectiveness of our cybersecurity policies, practices, and procedures. Regular updates are provided by the Chief Information Officer to ensure cybersecurity risks are continuously monitored and addressed across all business functions. Our cybersecurity program incorporates policies, procedures, systems, and controls designed to safeguard the accessibility, confidentiality, and integrity of our data and systems. These processes are shaped by industry trends, and the evolving cybersecurity landscape. Cybersecurity Risk Management and Strategy Our cybersecurity program is an integral part of our overall risk management framework and is aligned with recognized industry standards, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). The cybersecurity program is designed to identify, detect, protect against, respond to, and recover from cyber threats. Our program safeguards the confidentiality, integrity, and availability of our systems and data through a comprehensive and multi-layered approach. We deploy robust controls, including firewalls, anti-malware systems, intrusion detection and prevention, encryption, and access controls. These measures are supplemented by continuous monitoring, vulnerability assessments, and penetration testing conducted both internally and by third-party assessors. Insights from these assessments inform the enhancement of our security controls and help us mitigate emerging threats effectively. We also actively engage with key consultants as part of our continuing efforts to evaluate and enhance the effectiveness of our cybersecurity program. We proactively monitor networks for suspicious activity and collaborate with governmental and industry partners to stay informed on emerging cybersecurity risks. We also 27 Index emphasize a culture of vigilance through regular employee training that includes phishing awareness, malware prevention, and reporting protocols. Governance and Oversight Our governance and oversight framework for cybersecurity risks operates at multiple levels within the organization. The Board of Directors has final oversight responsibility for cybersecurity-related matters and receives regular updates from the Chief Information Officer and senior management on the status of the cybersecurity program, vulnerability assessments, strategic initiatives, and any significant incident response activities. The Chief Information Officer has over 27 years of experience in cybersecurity and is responsible for designing and implementing the organization’s cybersecurity strategy. The cybersecurity program and the Information Security Team are led by the Senior IT Director, who reports to the Chief Information Officer. The Senior IT Director has over 20 years of experience in cybersecurity. The Information Security Team is responsible for security operations, cybersecurity monitoring, application security audits, and responding to incidents through a structured Incident Response Plan. Cybersecurity Risks and Incidents We have experienced cybersecurity incidents in the ordinary course of business and recognize that such incidents are an inherent risk to any organization. While prior incidents have not materially impacted our business strategy, financial condition, or results of operations, we remain vigilant in anticipating and mitigating future threats. Our cybersecurity program is designed to address and minimize the risks posed by evolving threats. However, no system can completely eliminate the possibility of a significant cybersecurity incident. Therefore, we continuously assess and enhance our cybersecurity measures to adapt to the changing threat landscape and ensure organizational resilience. For more information about the potential impact of cybersecurity risks, please refer to Item 1A. Risk Factors. 28 Index
Company Information
| Name | HEICO CORP |
| CIK | 0000046619 |
| SIC Description | Aircraft Engines & Engine Parts |
| Ticker | HEI - NYSEHEI-A - NYSE |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | October 30 |