Hamilton Beach Brands Holding Co 10-K Cybersecurity GRC - 2025-02-26

Page last updated on February 27, 2025

Hamilton Beach Brands Holding Co reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-26 16:58:28 EST.

Filings

10-K filed on 2025-02-26

Hamilton Beach Brands Holding Co filed a 10-K at 2025-02-26 16:58:28 EST
Accession Number: 0001709164-25-000008

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY Risk Management and Strategy The Company is subject to various cybersecurity risks that could impact our systems and our ability to operate. We have developed processes to assess, identify and manage our risks related to cybersecurity threats which are incorporated into the Company’s overall risk management process. On an ongoing basis we utilize threat prevention systems to monitor, block and protect our information technology systems which are monitored continuously by trained security personnel. Our process to prevent cybersecurity incidents involves layered security architecture designed to protect our networks, end-user devices, servers, and cloud solutions. On a regular basis, we conduct phishing email simulations and provide training resources to our employees. We have an Incident Response Plan to outline our process to manage cybersecurity threats and incidents. We utilize industry recognized security and compliance experts for regular security assessments. In order to oversee and identify risks from cybersecurity threats associated with our use of third-party service providers , we review their compliance against internationally recognized standards. However, this does not mean that the Company, or our third-party service providers, will meet, or maintain, any particular technical standard, specification, or requirement in the future, but rather we use these standards as a guide to help us identify, assess and manage cybersecurity risks and threats relevant to our business. As of the filing of this Form 10-K, we are not aware of any cybersecurity incidents that have occurred since the beginning of 2024 that have materially affected, or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. We describe whether any risks from cybersecurity threats, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, under the heading “Our business could suffer if information technology systems are disrupted, cease to operate effectively or become subject to a cybersecurity incident.” included within our risk factor disclosures in Item 1A. Risk Factors of this Annual Report on Form 10-K, which information is incorporated herein by reference. Governance Cybersecurity is among our Board’s oversight priorities. Through their oversight role, the Board has allocated oversight of cybersecurity risk to our Audit Review Committee of the Board . Our Audit Review Committee plays a vital role in our cybersecurity risk management process and regularly reviews the Company’s cybersecurity and other information technology risks, controls and procedures. Throughout the year, management provides the Audit Review Committee with updates to our cybersecurity risk management process and our security monitoring and protection systems. The Audit Review Committee is kept informed of new security solutions planned for deployment. As part of their regular review of reports from management, the Audit Review Committee regularly reports cybersecurity risk updates to the Board, which enables the Board to incorporate the insights of such reports into its overall risk oversight analysis. Our cybersecurity risk management processes are led by our VP, IT Business Solutions who has over 23 years of experience in various roles involving managing information systems and cybersecurity functions and developing cybersecurity strategies. Through these roles the VP, IT Business Solutions has implemented information technology security and privacy policies across multiple infrastructure and application platforms as well as identity and access management enhancements. In order to enable the Company to prevent, detect, mitigate and remediate cybersecurity incidents, our security monitoring and protection systems are continuously monitored. The VP, IT Business Solutions is kept informed in accordance with our Incident Response Plan and reports matters to the Audit Review Committee as necessary. Additionally, we have a Cyber Security Task Force in place to support our VP, IT Business Solutions that is comprised of individuals across our various departments within our organization including information systems, legal, finance, internal audit, sales and marketing, engineering and supply chain teams which meets regularly to further advance our cybersecurity strategy.

Company Information