JBT Marel Corp 10-K Cybersecurity GRC - 2025-02-28

Page last updated on March 3, 2025

JBT Marel Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-28 10:43:46 EST.

Filings

10-K filed on 2025-02-28

JBT Marel Corp filed a 10-K at 2025-02-28 10:43:46 EST
Accession Number: 0001433660-25-000009

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We maintain a comprehensive technology and cybersecurity program to ensure our systems are effective and prepared for information security risks, utilizing regular oversight of our programs through security monitoring and alerting for internal and external threats to ensure the confidentiality, integrity, and availability of our information assets. We regularly perform evaluations and testing of our security program, information technology infrastructure, information security management systems, and third-party service providers we use in our operatio ns. Our cybersecurity program is led by two Chief Information Security Officers (the “CISOs”) , both of whom are Certified Information Systems Security Managers with over 15 years of related experience. Their areas of influence are split into two scopes, Business Information Security (CISO - BIS) and Compliance Information Security (CISO - CIS). The mission of the CISO - BIS is second line defense, to define and execute business operations security, cybersecurity operations activities and to identify and mitigate risks. The mission of the CISO - CIS is third line defense, with a focus on governance, risk, and compliance, audits, third-party risk management, and validation of regulatory compliance for the security program. Our cybersecurity program includes the implementation of controls aligned with cybersecurity best practices to identify threats, detect attacks, and protect our information assets. Our cybersecurity program aligns with applicable statutes and regulations to stay abreast of current compliance requirements. We use preventative and detective tools and utilities that provide alerts of vulnerabilities and threats, and alert to patch management requirements. Security monitoring capabilities are designed to alert us to suspicious activity providing the opportunity for quick risk mitigation and remediation. Our incident response program is tested periodically and is designed to provide a clear guide, procedures and communications matrix to adhere to in the event of an incident. The plan facilitates risk mitigation and leads to business recovery and restoration as quickly and as orderly as possible in the event of a critical security incident. In addition, our employees participate in an ongoing program of monthly security awareness training and receive frequent communications regarding the cybersecurity environment to increase awareness throughout the company. We have also implemented an annual training program for specific specialized employee populations, including secure coding training. Notwithstanding the extensive approach we take to cybersecurity, because cyber threats are always evolving, there remains the possibility of a cybersecurity incident which could have a material adverse effect on the organization. We have established a Cybersecurity Steering Committee comprised of key leaders across the Company whose responsibilities include oversight of cybersecurity incident materiality, security, governance, and reporting functions. The objective of the Cybersecurity Steering Committee is to set policies and standards for the Company in relation to information security and cyber events, including the Company’s response protocols and disclosure requirements upon occurrence of any cyber event that is considered material to the Company. The Audit Committee reviews cybersecurity information technology risks in connection with its oversight of our enterprise risk management program, and reports to the Board on enterprise risk management matters on a quarterly basis. If a critical cybersecurity event is identified by the CISOs, the Cyber Security Steering Committee , with input from the business, will assess its materiality, and events that are deemed material will be reported to the Audit Committee and the Board of Directors. Additionally, our CISOs meet regularly with our senior management team and the Board of Directors or the Audit Committee to brief them on technology and information security matters, including cybersecurity risk related matters. We carry insurance that provides protection that may reduce the potential losses arising from a cybersecurity incident. Risks from cybersecurity threats, including as a result of past cybersecurity incidents have not materially affected and are not reasonably likely to materially affect the Company, including our business strategy, results of operations or financial condition. 34

Company Information