MILLER INDUSTRIES INC /TN/ 10-K Cybersecurity GRC - 2025-03-05

Page last updated on March 5, 2025

MILLER INDUSTRIES INC /TN/ reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-05 17:13:07 EST.

Filings

10-K filed on 2025-03-05

MILLER INDUSTRIES INC /TN/ filed a 10-K at 2025-03-05 17:13:07 EST
Accession Number: 0001558370-25-002276

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We proactively address cybersecurity risk through a comprehensive cybersecurity program to identify, protect, detect, respond to, and manage any reasonably foreseeable cybersecurity risks and threats. We use a multi-faceted approach including, but not limited to, third-party assessments, internal cybersecurity audits, IT security, governance, risk, and compliance reviews. To defend, detect, and respond to cybersecurity incidents, we, among other things, require mandatory third-party cybersecurity training and testing for all employees, perform periodic user access reviews across the organization, perform penetration testing using external third-party tools and techniques to test security controls, employ multifactor authentication and biometrics login tools, take steps to verify whether vendors have appropriate cybersecurity programs, and conduct frequent security assessments to identify and remedy vulnerabilities . We also employ the use of Secure Socket Layer inspection on our firewalls, which are able to decrypt and scan all network traffic entering and leaving our facilities. Recognizing the complexity and evolving nature of cybersecurity threats, we regularly engage external auditors and consultants to assess our internal cybersecurity programs and compliance with applicable practices and standards, including regularly reviewing and updating our incident response plan. These partnerships enable us to leverage specialized knowledge and insights, seeking to continue to improve upon our cybersecurity strategies and processes. Based upon the information that we have as of the end of the year covered by this report, we do not believe that we have experienced any material cybersecurity incidents to date. However, the risks from cybersecurity threats and incidents continue to increase, and the preventative actions we have taken, and continue to take, to reduce the risk of cybersecurity threats and incidents may not successfully protect against all such threats and incidents, and, as a result, there can be no assurance that we or the third parties we interact with will not experience a cybersecurity event in the future that will materially affect us. As described in Item 1A - “Risk Factors”, any breach of data security could result in a disruption of our services or improper disclosure of personal data or confidential information, which could harm our reputation, require us to expend resources to remedy such a security breach or defend against further attacks, or subject us to liability under laws that protect personal data, resulting in increased operating costs or loss of revenue. Our Board understands the critical nature of managing risks associated with cybersecurity threats. Accordingly, our Board has established oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats because we recognize the significance of these threats to our operational integrity and in maintaining shareholder confidence. The Audit Committee has been made primarily responsible for the Board’s oversight of cybersecurity risks. However, the entire Board of Directors reviews significant cybersecurity risks and works with the Audit Committee to address these issues. Our Chief Information Officer is responsible for overseeing cybersecurity and reports to the Audit Committee , as well as the Board at all its regular quarterly meetings regarding matters of cybersecurity. These reports include existing and new cybersecurity risks, status on how management is addressing and/or mitigating those risks, cybersecurity and data privacy incidents (if any), updating the status on defensive security measures and risk assessment, and key information security initiatives. Our Audit Committee and our other Board members also engage in ad hoc conversations with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management and strategy programs. Our Chief Information Officer has been with the Company for more than 25 years, developing and overseeing our information systems and cybersecurity risk management program. Our Chief Information Officer and his team, which includes a cybersecurity professional, are informed about, and monitor the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above, including the operation of our incident response plan, and report to the Board and Audit Committee on any appropriate items .

Company Information