HURCO COMPANIES INC 10-K Cybersecurity GRC - 2025-01-10

Page last updated on January 10, 2025

HURCO COMPANIES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-01-10 17:02:02 EST.

Filings

10-K filed on 2025-01-10

HURCO COMPANIES INC filed a 10-K at 2025-01-10 17:02:02 EST
Accession Number: 0001558370-25-000129

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY We recognize the importance of developing, implementing, and maintaining processes for assessing, identifying and managing material risks from cybersecurity threats. Risk Management and Strategy We continue to invest in strengthening our cybersecurity strategy and platform and, as specifically set forth below, have integrated cybersecurity risk management into our broader enterprise risk management process. This integration will promote cybersecurity considerations as an integral part of our decision-making processes and operational practices. Our information technology department works closely with our senior management team to consistently identify, evaluate, and manage cybersecurity risks in alignment with our business strategy and objectives and operational needs. We regularly monitor alerts from governmental authorities and industry experts, as well as third party system and organizational controls reports, to remain informed about prevailing and developing cybersecurity threats and bad actor tactics. We also periodically engage third party consultants to conduct independent assessments of our cybersecurity readiness and control effectiveness; to gain insights into emerging threats and vulnerabilities, industry trends, and leading practices; and to inform our cybersecurity strategy. Further, we work with third party experts and leverage external resources to evaluate known vulnerabilities in existing systems and provide remediation steps, as appropriate, and/or otherwise further protect the organization from cyber risk or threats, in each case including cybersecurity threats associated with our use of any third-party service provider. Based upon results of the foregoing, we deploy a wide variety of technical safeguards that are designed to protect our information systems from cybersecurity threats, including advanced endpoint detection and response, next-generation firewalls with intrusion detection systems, access and credential controls, and multifactor authentication. We have also developed, implemented, and maintain a cyber incident response plan, which is periodically reviewed and updated and includes procedures for addressing and recovering from cyber incidents while reducing the impact on the business and operations. This plan provides a framework for identifying, controlling, and mitigating the attack while reducing the recovery time and keeping the executive management team and Audit Committee of our Board of Directors informed. 28 Notably, our cybersecurity strategy and incident response plan intentionally prioritize frequent and automated backup and recovery processes in an attempt to minimize the potential for critical data loss and/or business interruption. In doing so, we use systems that provide immutable backup and recovery of files and virtual machines, encryption of data at rest and in transit to protect against unauthorized access, and transmission of copies offsite at predetermined, recurring, and frequent intervals. While we have experienced cybersecurity incidents and expect to continue to be subject to such incidents, to date, we have not experienced any cybersecurity incidents that have materially affected our business strategy, results of operations or financial condition. However, we are subject to ongoing risks from cybersecurity threats that could materially affect us, including our business strategy, results of operations, or financial condition, as further described in Part I, Item 1A, “Risk Factors” of this Annual Report on Form 10-K. Governance The Audit Committee of our Board of Directors oversees cybersecurity risk management as part of its risk oversight function and oversees the design and effectiveness of management’s implementation of our cybersecurity risk management program, procedures, and contingency plans. Senior management plays a critical role in informing the Audit Committee on cybersecurity risks. More specifically, the information technology department regularly informs executive management, including the Chief Executive Officer, Chief Financial Officer and General Counsel, on all aspects pertaining to cybersecurity risks and incidents; and the Audit Committee receives periodic reports from executive management, senior information technology leadership, and risk management personnel on our cybersecurity and information security risks and postures on a regular basis. These periodic reports include detailed updates on our activities preparing for, preventing, detecting, responding to, and recovering from cyber incidents, if applicable. Senior management with primary oversight responsibility for day-to-day cybersecurity risk management includes our Chief Executive Officer, Chief Financial Officer, Director of Information Technology, General Counsel, Corporate Controller, and Chief Accounting Officer. The group’s collective education and experience informs our cybersecurity risk assessment and management process and includes, among others, the following: higher education degrees (including master’s level or equivalent) in computer science and/or technology; decades of experience in the information technology and computer science field; experience configuring and maintaining firewalls, VPNs, and endpoint security frameworks for sophisticated, multinational organizations; proficiency in programming languages; certifications as developers and network engineers; and responsibility for managing large-scale international implementations of enterprise resource planning software systems for global companies. 29

Company Information