DMC Global Inc. 10-K Cybersecurity GRC - 2025-02-24

Page last updated on February 24, 2025

DMC Global Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-24 16:25:35 EST.

Filings

10-K filed on 2025-02-24

DMC Global Inc. filed a 10-K at 2025-02-24 16:25:35 EST
Accession Number: 0000034067-25-000028

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity The Board, in coordination with the Risk Committee, oversees the Company’s risk management program, which includes risks arising from cybersecurity threats. DMC’s Chief Information Officer (CIO) and Chief Information Security Officer (CISO) , the management position responsible for assessing and managing material risks from cybersecurity threats, manages the Company’s cybersecurity program and are responsible for leading and coordinating cybersecurity activities across the organization. The CIO reports directly to our Interim President and Chief Executive Officer, and the CISO reports directly to our CIO. Our CISO has extensive experience in cybersecurity, business continuity, disaster recovery and cloud security. Led by our CIO and CISO, we conduct regular assessments to identify potential cybersecurity risks and vulnerabilities, including the evaluation of systems and data assets. We have established internal procedures to stay vigilant against evolving threats by monitoring network traffic and conducting security audits. We also regularly engage independent assessors and external consultants who specialize in cybersecurity to conduct thorough, unbiased evaluations of our systems, policies, and procedures. These assessments help us ensure that our cybersecurity practices are aligned with applicable regulations and standards. To further evaluate our cybersecurity defenses, we periodically commission penetration exercises conducted by specialized firms. These tests simulate real-world attacks and assist in assessing our internal readiness and response capabilities. We are proactively taking steps to enhance our monitoring of third-party service providers’ cybersecurity, including the continuance of a vendor third-party risk management program. As we continue to expand this program, it should better enable the Company to identify and manage material risks from cybersecurity threats related to our third-party service providers. Cybersecurity risk updates are provided quarterly to our senior management team by the CIO and CISO as part of our enterprise risk management process. We have established an incident response policy that outlines the process for assessing and responding to cybersecurity incidents. The incident response policy is reviewed at least annually by executive management. The Board also receives quarterly updates on cybersecurity risks. These reports are typically presented by our CISO to the Risk Committee of the Board and include updates to recently completed cybersecurity initiatives, upcoming plans, an overview of current threats, as well as discussion of our overall cybersecurity maturity and readiness. The Board participates in simulated cybersecurity trainings and is kept apprised of changes in cybersecurity regulatory requirements, ensuring that our organization remains in compliance with relevant standards. Cybersecurity risks and threats, including as a result of any previous cybersecurity incidents, have not materially impacted and are not reasonably expected to materially impact us or our operations. However, we recognize the ever-evolving cyber risk landscape and cannot provide any assurances that we will not be subject to a material cybersecurity incident in the future. See Item 1A. Risk Factors “A failure in our information technology systems or those of third parties, including those caused by security breaches, cyber-attacks or data protection failures, could disrupt our business, result in significant legal costs and other losses and damage our reputation” for a discussion of cybersecurity-related risks.

Company Information