FULLER H B CO 10-K Cybersecurity GRC - 2025-01-23

Page last updated on January 23, 2025

FULLER H B CO reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-01-23 15:35:55 EST.

Filings

10-K filed on 2025-01-23

FULLER H B CO filed a 10-K at 2025-01-23 15:35:55 EST
Accession Number: 0001437749-25-001699

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity protection and data privacy are important to maintaining our proprietary information and the trust of our customers, suppliers and employees, and we recognize the importance of working to secure our data and information systems from potential cybersecurity and data privacy incidents. We are a large global manufacturer with sites around the world, and we identify and assess our cybersecurity risk through that lens. Securing the execution and control of our manufacturing operations, to the extent implemented through digital technology, is a primary area of focus. We also face risks encountered by substantially all large global companies such as the risks of intellectual property and information being compromised, fraud and violation of privacy or security laws. Our cybersecurity risk is managed as part of our broader enterprise risk management program. Specifically, a risk management workstream focused on our information technology function (including cybersecurity) is designed to assess, identify and manage cybersecurity-related risks and mitigation measures. Our cybersecurity risk program also includes a documented incident response plan to be used in the event of a cybersecurity incident. The incident response plan provides for certain responses based on various factors of a cybersecurity incident. We periodically assess and test our policies, standards, processes and practices that are designed to address cybersecurity threats and incidents, including those from third-party service providers who have access to our systems, data or are critical to our continued business operations. These efforts include a wide range of activities, including audits, assessments, tabletop exercises, threat modeling, vulnerability testing and other exercises focused on evaluating the effectiveness of our cybersecurity measures and planning. We regularly engage third parties to perform assessments on our cybersecurity measures, including information security maturity assessments, audits and independent reviews of our information security control environment and operating effectiveness. The results of such assessments, audits and reviews are reported to senior management and, if warranted, to our audit committee, and we adjust our cybersecurity policies, standards, processes and practices as necessary based on the information provided by these assessments, audits and reviews. While some of our third-party service providers have experienced cybersecurity incidents and have experienced threats to their data and systems, as of the date of this report, we are not aware of any cybersecurity threats or incidents that have materially affected our business strategy, results of operations, or financial condition. This does not guarantee that future incidents or threats will not have a material impact by interrupting operations, causing reputational harm, increasing operating costs, or exposing the Company to litigation. For additional commentary on cybersecurity risks, see Part 1, Item 1A. Risk Factors. Governance and Management’s Responsibilities Our Board of Directors views the identification and effective management of cybersecurity threats as a critical component of overall risk management and oversight responsibilities, and has delegated responsibility for oversight of this risk to the audit committee. The audit committee oversees the management of risks arising from cybersecurity threats and regularly reports to the Board of Directors regarding cybersecurity. Our audit committee oversees our enterprise risk management (“ERM”) process, and cybersecurity represents an important component of our overall approach to ERM. Our cybersecurity policies, standards, processes and practices are informed by the National Institute of Standards and Technology (NIST) Cybersecurity Framework and applicable industry standards. In general, we seek to address cybersecurity risks through a comprehensive, cross-functional program that is focused on identifying, assessing, preventing and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur. To manage our cybersecurity program, management has established a cybersecurity steering committee and cybersecurity incident response team, both led by our chief information officer. Our cybersecurity steering committee and cybersecurity incident response team include multidisciplinary groups of corporate and operational leaders, external cyber-specialist resources and technical experts in cybersecurity risk management, incident response and security operations. Many members of our cybersecurity team have extensive experience in the operations of networks, network security and infrastructure management. Our chief information officer has over 20 years of information technology experience, including leadership roles at large, global, publicly-traded companies, and is informed about and monitors prevention, detection, mitigation, and remediation efforts through regular communication and reporting from professionals on the cybersecurity steering committee and cybersecurity incident response team, and through the use of technological tools and software. Our chief information officer is also responsible for updating the audit committee on cybersecurity on a quarterly basis and, where appropriate, escalating certain cybersecurity incidents to the full Board of Directors.

Company Information