HYSTER-YALE, INC. 10-K Cybersecurity GRC - 2025-02-25

Page last updated on February 25, 2025

HYSTER-YALE, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-25 16:41:04 EST.

Filings

10-K filed on 2025-02-25

HYSTER-YALE, INC. filed a 10-K at 2025-02-25 16:41:04 EST
Accession Number: 0001173514-25-000015

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY The Company’s cybersecurity risk management processes are a component of the Company’s overall risk management program. The Company’s Board of Directors, directly and through its committees , is responsible for overseeing cybersecurity risks that affect the Company. As such, the Board has delegated oversight of risks related to cybersecurity to the Audit Review Committee of the Board of Directors (the “ARC”). The ARC is charged with reviewing the Company’s cybersecurity risks, controls and procedures. The ARC reviews the Company’s plans to mitigate cybersecurity risks and the Company’s ability to respond to and remediate cybersecurity incidents . The ARC is informed of such risks through regular reviews with management regarding any specific cybersecurity issues that could affect the adequacy of internal controls over financial reporting. The Company’s Office of the Chief Information Security Officer (“Office of the CISO”), which is responsible for the daily direction and management of cybersecurity risk activities, consists of the Chief Information Security Officer, Chief Information and Digital Officer and other information technology and cybersecurity specialists. The Office of the CISO uses various data protection frameworks and conducts vulnerability assessments, cybersecurity monitoring and recovery software, employee, supplier and dealer training programs and monitoring of incidents and threats. Members of the Office of the CISO also engage with the Company’s internal audit department to review cybersecurity threats focusing on operational applications and databases through the course of their activities. The Chief Information Security Officer has extensive experience in information technology including roles in cybersecurity, privacy, software engineering, systems engineering, infrastructure and data center management, and is a Certified Information Security Manager and a Certified Data Privacy Solutions Engineer. The Company’s Office of the CISO chairs the Company’s Cybersecurity Committee (the “CSC”), which oversees the establishment and operations of cybersecurity risk management processes and strategies and directs activities to identify, detect, assess and manage risks from cybersecurity threats, protect the Company’s assets and to respond and recover from cybersecurity incidents. The CSC is responsible for coordination with the Company’s internal audit, risk management and/or crisis management teams to review and respond to cybersecurity threats. The CSC includes members of senior management from operations, finance and legal. The CSC is expected to meet quarterly. On behalf of the CSC, the Office of the CISO review and reports on the Company’s cybersecurity activities to the ARC on a quarterly basis and to the full Board of Directors on at least an annual basis. In addition, the Company engages third parties to assist in assessing, enhancing, implementing and monitoring the Company’s cybersecurity risk-management programs. The Company maintains processes to oversee and identify risks from cybersecurity threats associated with its use of third-party service providers. The Company has experienced cybersecurity threats, cybersecurity incidents and vulnerabilities in its information systems and those of third-party business partners. As of the date of this filing, the Company has not identified any risks from cybersecurity threats, including as a result of previous cybersecurity incidents, that have had or are reasonably likely to have a material impact on the Company’s business strategy, results of operations or financial condition. If, in the future, the Company’s or a third party’s information systems suffer severe damage, disruption, breach, or shutdown, and business continuity plans do not effectively resolve the issues in a timely manner, then the Company could be subject to litigation including individual claims or consumer class actions, commercial litigation, administrative, civil or criminal investigations or actions, regulatory intervention, government enforcement actions, penalties, sanctions or fines, disruption to operations and product systems, unauthorized release of confidential or otherwise protected information, corruption or alteration of data, payment of ransom, or investigation and remediation costs, which could result in a negative impact on the Company’s business strategy, results of operations, financial condition or reputation. See “Risks Related to Cybersecurity” in Part I, Item 1A. Risk Factors, in this Annual Report on Form 10-K.

Company Information