SKECHERS USA INC 10-K Cybersecurity GRC - 2025-02-28

Page last updated on March 3, 2025

SKECHERS USA INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-28 16:15:28 EST.

Filings

10-K filed on 2025-02-28

SKECHERS USA INC filed a 10-K at 2025-02-28 16:15:28 EST
Accession Number: 0000950170-25-030016

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity CYBERSECURITY RISK MANAGEMENT AND STRATEGY We recognize the critical importance of maintaining the safety and security of our systems and data and have a holistic process for overseeing and managing cybersecurity and related risks. This process is supported by both management and our Board of Directors. We have developed and implemented a Cybersecurity Risk Management Program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program includes a cybersecurity incident response plan. 14 We leverage industry standard frameworks such as the National Institute of Standards and Technology Cybersecurity Framework (“NIST CSF”) and Center for Internet Security (“CIS”) framework to inform how we identify, assess and manage cybersecurity risks relevant to our business. Our Cybersecurity Risk Management Program includes: - risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment; - a security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents; - cybersecurity awareness training of our employees, and incident response personnel; - a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; - a third-party risk management process for service providers, suppliers, and vendors; and - engage ment of third parties for our 24/7 monitoring, detection, and response; regular penetration testing, program controls assessment, and proactive incident preparedness activities. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. Cybersecurity Governance Our Board of Directors is responsible for overseeing our enterprise risk management activities in general, and each of our Board committees assists the Board in the role of risk oversight. Our Senior Vice President (“SVP”) of Information Technology and the Vice President (“VP”) of Information Security have overall responsibility for assessing and managing our material risks from cybersecurity threats. To help ensure effective oversight, the Audit Committee receives reports on information security and cybersecurity at least annually, and receives an update quarterly on information security and cybersecurity from materials provided by the VP of Information Security. The VP of Information Security oversees the Information Security Steering Committee (“Steering Committee”), which provides education on the Company’s cybersecurity programs and controls to key members of the Company. The Steering Committee meets quarterly and is comprised of members from the Executive Leadership Team, including the Chief Financial Officer and Executive Vice President of Business Affairs, as well as the SVP of Information Technology, VP of Information Security, VP of Corporate Communications, SVP of Digital Innovation, and Head of Global Human Resources. Cybersecurity risk management is led by our VP of Information Security and our SVP of Information Technology, who reports to our Chief Operating Officer, who are generally responsible for management of cybersecurity risk and the protection and defense of our networks, systems and data. The VP of Information Security manages a team of cybersecurity professionals with broad experience, including in cybersecurity threat assessments and detection, mitigation technologies, cybersecurity training, incident response, cyber forensics, digital security and regulatory compliance. Our VP of Information Security has over 15 years of experience in technology and information security, serves on the board of directors of the Retail & Hospitality Information Sharing and Analysis Center (“RH-ISAC”) and holds several cybersecurity and risk management certifications. Our SVP of Information Technology has over 30 years of information technology management and cybersecurity experience and has held leadership roles overseeing all aspects of information technology operations for multiple Fortune 500 and Fortune 50 global companies, particularly in the retail and media & entertainment sectors. We continue to invest in cybersecurity and resiliency of our networks and adapt our internal controls and processes, which are designed to help protect our systems and infrastructure, and the information they contain. For more information regarding the risks we face from cybersecurity threats, please see Item 1A “Risk Factors.”

Company Information