Page last updated on February 21, 2025
MARTIN MARIETTA MATERIALS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-21 14:57:38 EST.
Filings
10-K filed on 2025-02-21
MARTIN MARIETTA MATERIALS INC filed a 10-K at 2025-02-21 14:57:38 EST
Accession Number: 0000950170-25-024770
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C - Cybersecurity I TEM 1C - CYBERSECURITY Risk Management and Strategy Martin Marietta prioritizes the management of cybersecurity risk and the protection of information across the enterprise by embedding data protection and cybersecurity risk management in its operations. The Company’s processes for assessing, identifying and managing material risks from cybersecurity threats have been integrated into the Company’s overall risk management system and processes. As a foundation of this approach, the Company has implemented a layered governance framework designed to assess, identify and manage cybersecurity risks. Martin Marietta’s cybersecurity policies encompass incident response procedures and information security. To develop these policies and procedures, the Company monitors privacy and cybersecurity laws, regulations and guidance applicable thereto, as well as proposed privacy and cybersecurity laws, regulations, guidance and emerging risks. The Company partners with leading cybersecurity firms and organizations, utilizing third-party technology and expertise, to monitor and evaluate the performance and effectiveness of its cybersecurity controls and defenses and to supplement the expertise that the Company’s security managers possess. Furthermore, the Company conducts assessments of information technology and cybersecurity third-party providers during the initial review process and periodically thereafter. As described in Item 1A, Risk Factors of this Form 10-K, the Company faces risks from cybersecurity threats that could have material adverse effect on its business including its business strategy, results of operations or financial condition. While the Company has experienced attacks on the security of its information technology systems to date, management is not aware that the Company has experienced a material cybersecurity incident during the 2024 fiscal year. Governance As part of its overall risk management approach, the Company prioritizes the identification and management of cybersecurity risk at several levels, including Board oversight, day-to-day executive risk management and employee training. The Audit Committee, comprised of independent directors from the Board, oversees the Board’s responsibilities relating to the operational (including information technology risks, business continuity and data security) risk affairs of the Company. The Audit Committee is informed of such risks through quarterly reports from the Senior Vice President, Chief Information Officer (CIO), who oversees the implementation and compliance of information security standards and mitigation of cybersecurity related risks, assesses and manages the cyber risk management program, determines when third-party cybersecurity experts should be consulted, informs senior management regarding the prevention, detection, mitigation and remediation of cybersecurity incidents with the support of the cybersecurity incident management team and supervises such efforts. The Company’s cybersecurity incident management team has decades of experience selecting, deploying and operating cybersecurity technologies, initiatives and processes as well as managing enterprise risk. The Incident Response Leadership Committee, which includes senior executives across the Company, is alerted as appropriate to cybersecurity incidents, and the CIO is responsible for communicating to the Audit Committee regarding the activities of the Incident Response Leadership Committee, as appropriate. The CIO has over 20 years of experience in information technology and business operations. He holds a Master of Business Administration and a Bachelor of Engineering as well as various business and strategic leadership certificates. The Company’s Vice President (VP), Infrastructure and Security, who reports directly to the CIO, is responsible for day-to-day assessment and management of cybersecurity risk and the Company’s cybersecurity incident management team and acts as a chief information security officer. The VP, Infrastructure and Security has 38 years of information technology experience including 22 years of experience in information security. Additionally, he holds various information technology certificates, including Certified Information Systems Security Professional and Certified Information Security Manager certificates. The Company holds annual employee trainings on cybersecurity, conducts phishing tests and generally seeks to promote awareness of cybersecurity risk through communication and education of its employees. Form 10-K ♦ Page 26 Part I ♦
Company Information
| Name | MARTIN MARIETTA MATERIALS INC |
| CIK | 0000916076 |
| SIC Description | Mining & Quarrying of Nonmetallic Minerals (No Fuels) |
| Ticker | MLM - NYSE |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | December 30 |