Limoneira CO 10-K Cybersecurity GRC - 2024-12-23

Page last updated on December 24, 2024

Limoneira CO reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-12-23 16:06:03 EST.

Filings

10-K filed on 2024-12-23

Limoneira CO filed a 10-K at 2024-12-23 16:06:03 EST
Accession Number: 0001342423-24-000035

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management & Strategy Cybersecurity is an on-going risk to our business. We rely on complex information technology systems and networks to conduct business, including communicating with employees and our packing facilities, sourcing citrus from third-party growers and suppliers, selling and shipping our products and reporting results of operations. While we employ resources to monitor and protect our technology infrastructure and sensitive information, these security measures or those of our third-party vendors may not prevent all attempted security breaches or cyber-attacks. A substantial disruption to our or our third-party vendors’ information technology systems, whether caused by a significant cyber incident or other unforeseen events, could adversely affect our operations. The Company is committed to managing cybersecurity risks through ongoing vigilance and enhancement of our cybersecurity policies, procedures, and practices, extending to the safeguarding of sensitive information belonging to the Company, our growers and suppliers, customers, and employees. Through the execution of a leading-practice, risk-based strategy, we are enhancing capabilities to further protect our critical assets by implementing preventive and detective controls and performing continuous security monitoring and active threat response activities. The enhancement of the Company’s cybersecurity risk management strategy and related procedures is a continuous activity to ensure the appropriate identification, assessment, and response to risks from cybersecurity threats that may adversely impact our operations. This includes our development and operationalizing of third-party security requirements, incident response procedures, and employee training and awareness programs to improve cybersecurity hygiene throughout our organization. Additionally, we proactively seek input from third-party cybersecurity consultants to independently evaluate our systems and processes, further identify risks and aid us in strengthening our defenses and improve our overall security posture. 27 Material Cybersecurity Threat Risks In fiscal year 2024, the Company experienced no cybersecurity incidents that materially impacted our business strategy, operations or financial condition. We maintain cybersecurity insurance coverage to supplement our cybersecurity program, however, this insurance may not be sufficient to cover all potential losses, including reputational damage or costs incurred to improve or strengthen systems against future threats. Recognizing the increasing sophistication of cyber threats, we are actively enhancing our cybersecurity risk management efforts to minimize the likelihood and impact of such incidents. Cybersecurity Governance Our Board of Directors, through its Risk Committee with members having extensive experience in finance, asset management and agribusiness operations, oversees the cybersecurity risk management program and is provided quarterly updates by the Vice President of Packing & Technology and third-party security consultants to address our cybersecurity risk mitigation efforts. These updates include the progress of our risk mitigation efforts, cybersecurity strategies and investments. The frequency of these updates allows for informed decision-making and ensures that our Board of Directors is briefed on cybersecurity risks. Our Vice President of Packing & Technology and our Information Security team are also responsible for identifying, assessing, and mitigating cybersecurity risks across the Company. All information security managers have attained a bachelor’s degree in a related field of study, with several also having industry-leading certifications in cybersecurity. This collective team has experience in information security and cybersecurity risk management and performs detection and monitoring of cybersecurity threats and incidents on an ongoing basis through a combination of security tooling, alerting mechanisms, automated systems and manual processes to continue to preserve the confidentiality, availability and integrity of our business operations.

Company Information