SEABOARD CORP /DE/ 10-K Cybersecurity GRC - 2025-02-13

Page last updated on February 14, 2025

SEABOARD CORP /DE/ reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-13 16:11:19 EST.

Filings

10-K filed on 2025-02-13

SEABOARD CORP /DE/ filed a 10-K at 2025-02-13 16:11:19 EST
Accession Number: 0000088121-25-000017

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C . Cybersecurity Cybersecurity Risk Management and Strategy Seaboard recognizes the importance of maintaining the trust and confidence of its customers, business partners, employees and other stakeholders with the security of its data and information systems. The Board is involved in the oversight of Seaboard’s enterprise risk management program, of which cybersecurity is a component. Seaboard’s information security program includes cybersecurity policies, standards, processes and practices that are based on recognized frameworks established by the Center for Internet Security (“CIS”) and other applicable industry standards. These frameworks and standards serve as guides and references. Seaboard adapts them to its specific environment, needs and industries. They are not meant to imply that Seaboard meets, or fully complies with, any specific technical standards, specifications or requirements set forth within them. Seaboard seeks to address cybersecurity risks through a comprehensive , company-wide information security program that is focused on preserving the confidentiality, integrity and accessibility of the information that Seaboard collects and stores, supporting legal and regulatory compliance and preventing disruptions to business operations. Seaboard’s information security program monitors the systems and networks Seaboard relies upon for threats, breaches, intrusions and potential other weaknesses; assesses the security of company-wide software, applications and systems; responds to cybersecurity incidents; and facilitates training for employees. Seaboard maintains a risk-based approach to information security that is based on the CIS-18 controls framework to identify key areas of cybersecurity risk. Seaboard’s information security program maintains a team responsible for managing the cybersecurity risk assessment process across all segments (the “Information Security Team”). The Information Security Team routinely performs various reviews and generates reports throughout the year to determine risks, threats and compliance with information security policies, standards and the framework of controls. This Information Security Team partners with each of the segments to identify key areas of cybersecurity risk based on the framework and develop action plans tailored to address those risks. Risks are evaluated at least on a quarterly basis according to Seaboard’s cybersecurity reporting process. Other cybersecurity risk management measures Seaboard takes include: ● Employees and directors with login credentials are required to participate in trainings on at least a quarterly basis to identify potential cybersecurity risks, which are supplemented by periodic phishing tests. ● Seaboard engages independent third parties to perform some services such as penetration testing and monitoring on an ongoing basis by automated tools that detect threats and trigger alerts for assessment and investigation by Seaboard’s Information Security Team. ● Seaboard maintains end user and administrative user policies governing the use of company technology. ● Seaboard conducts risk assessments of certain of its third-party service providers with attention to cybersecurity risks. As of the date of this report, Seaboard is not aware of any cybersecurity threats that have materially affected or are reasonably likely to materially affect Seaboard’s business strategy, results of operations or financial condition. However, cybersecurity threats and cyber-attacks continue to increase in sophistication and volume. As a result, Seaboard frequently updates its information security plan to address new threats, and Seaboard continues to make investments to protect its information technology infrastructure. Cybersecurity risks that may materially impact Seaboard are discussed in more detail in Item 1A “Risk Factors,” under the heading “Operational Risks,” which should be read in conjunction with this Item 1C. Cybersecurity Governance Seaboard acknowledges the importance of effectively managing risks linked to cybersecurity threats. Seaboard has implemented oversight mechanisms to ensure effective governance in handling risks linked to cybersecurity threats because of the impact these threats can have on operational integrity and stakeholder confidence. Seaboard’s information security program and the Information Security Team is led and managed by a dedicated Director of Information Security (the " IS Directo r") . The IS Director, whose experience includes over eight years in information security leadership roles and relevant certifications, brings appropriate expertise to Seaboard’s information security program. The IS Director’s experience and knowledge are crucial to the ongoing development and execution of Seaboard’s information security program. The IS Director and the Information Security Team communicate guidance, including various alerts to monitor and assess threats, to information security personnel in all segments to ensure consistent execution of cybersecurity risk management activities. Updates on segment-level cybersecurity risks, compliance and implementation status are provided on at least a quarterly basis to Seaboard’s Chief Executive Officer (“CEO”) and Chief Financial Officer (“CFO”) for purposes of risk monitoring, updates to policies, allocation of resources, progress on action plans and discussions on other topics as necessary. 14 On at least a quarterly basis, the IS Director and other members of management inform Seaboard’s full Board of new risks or changes to risks, the status of projects supporting Seaboard’s information security systems, assessments of Seaboard’s information security program and the emerging threat landscape. The Board provides feedback on management’s plans and allocates resources for plan improvement expenditures. Seaboard also maintains disclosure controls and procedures to ensure that executive management and the Board receive prompt and timely information regarding any material cybersecurity incidents. Upon confirmation of a cybersecurity incident, the impacted segment invokes their response plan and notifies the IS Director who then communicates the details of the incident to management’s Cybersecurity Committee for determination of materiality.

Company Information