Page last updated on February 14, 2025
BRUNSWICK CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-14 14:23:01 EST.
Filings
10-K filed on 2025-02-14
BRUNSWICK CORP filed a 10-K at 2025-02-14 14:23:01 EST
Accession Number: 0000014930-25-000025
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity Brunswick’s leadership recognizes the importance of information security and managing cybersecurity risks across the enterprise. We manage our global business operations through a variety of systems for commercial transactions, customer interactions, manufacturing, branding, employee tracking, and other applications. Systems based on legacy technology, sometimes added through acquisitions or hosted by third parties, and/or that contain personal information of customers or employees, present risks of erroneous or fraudulent transactions, disclosure of personal, sensitive, and confidential information, loss of reputation and confidence, potential impacts on our operations, and may result in legal claims or proceedings, penalties, and remediation costs. Brunswick’s cybersecurity risk management program is managed by a dedicated cybersecurity team. The team is led by the Chief Information Security Officer (CISO), who reports directly to the Chief Executive Officer (CEO) and the Chief Information Officer (CIO), and has over 20 years of experience in information security, cybersecurity, and IT risk management. Brunswick’s CISO holds a BBA, majoring in Accounting and Management Information Systems, and an MBA in Strategy and General Management. The CISO is supported by a leadership team with backgrounds in cybersecurity, risk management, and other related capabilities. Brunswick’s cybersecurity risk management program leverages the National Institute of Standards and Technology (NIST) framework as guidance for the program. The team regularly assesses the threat landscape to manage risks through a layered cybersecurity strategy based on prevention, detection, and containment, including processes for escalating information about threats or cyber incidents to management and the Board of Directors. We have other policies and procedures that directly or indirectly relate to cybersecurity, including those related to remote access monitoring, encryption, antivirus protection, multifactor authentication, confidential information, and the use of the internet, email, and wireless devices. The Company also engages third parties in connection with the assessment of our cybersecurity risk management processes against the NIST framework. We actively engage with key vendors, industry participants, and law enforcement communities as part of our continuing efforts to evaluate and improve our program. Internally, our employees are a key part of our program: Brunswick enables a culture in which security is everyone’s responsibility. Employees are trained through various methods throughout the year, including annual security training. Our regular interactions with third party vendors and suppliers pose a potential cybersecurity risk that could adversely impact our business or employees. We conduct information security assessments before onboarding. In addition, we require providers to meet appropriate security requirements, controls, and responsibilities, and include additional security and privacy addenda to our contracts where applicable. We also make cybersecurity education and awareness materials available to our suppliers. Brunswick’s Board of Directors (the Board) and its committees are actively engaged in managing cybersecurity risk and overseeing our information security programs. The Audit and Finance Committee (the Committee) is primarily responsible for oversight of our information technology and information security/cybersecurity programs. The Committee is composed of directors with expertise in technology, audit, finance, and compliance, equipping them to effectively oversee the program. The CISO updates the Committee at each of its regularly scheduled meetings. These reports include updates on our information security/cybersecurity programs and key performance indicators, assessment of the program, emerging risks, policies, procedures, training, and risk mitigation strategies. The CIO and CISO also provide the full Board with information technology and cybersecurity reports on at least an annual basis and with greater frequency as necessary. In addition, the Board oversees Brunswick’s long-standing enterprise risk management (ERM) process, which regularly identifies, assesses, and mitigates enterprise and emerging risks, including cyber risks. In 2024, Brunswick did not identify any cyber events or risks from cybersecurity threats that could be considered material, individually or in the aggregate. Notwithstanding our program, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. For further information, refer to Section 1A, Risk Factors for a discussion of risks related to cybersecurity and technology.
Company Information
| Name | BRUNSWICK CORP |
| CIK | 0000014930 |
| SIC Description | Engines & Turbines |
| Ticker | BC - NYSEBC-PA - NYSEBC-PC - NYSE |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | December 30 |