Cadre Holdings, Inc. 10-K Cybersecurity GRC - 2025-03-11

Page last updated on March 11, 2025

Cadre Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-11 16:18:33 EDT.

Company Summary

Cadre is a provider of safety and survivability equipments for first responders, federal agencies, and outdoor/personal protection markets

Filings

10-K filed on 2025-03-11

Cadre Holdings, Inc. filed a 10-K at 2025-03-11 16:18:33 EDT
Accession Number: 0001558370-25-002711

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes. We routinely assess material risks from cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein. We conduct annual risk assessments to identify cybersecurity threats. These risk assessments include identifying reasonably foreseeable potential internal and external risks, the likelihood of occurrence and any potential damage that could result from such risks, and the sufficiency of existing policies, procedures, systems, controls, and other safeguards in place to manage such risks. As part of our risk management process, we may engage third party experts to help identify and assess risks from cybersecurity threats. Following these risk assessments, we design, implement, and maintain reasonable safeguards to minimize the identified risks; reasonably address any identified gaps in existing safeguards; update existing safeguards as necessary; and monitor the effectiveness of our safeguards. We believe that we have allocated adequate resources to address the cybersecurity threats that may affect the Company. Our Vice President of Information Technology and our Information Security Officer manage the Company’s cybersecurity risk assessment as well as mitigation process and also oversee our Incident Response Team which also includes Vice Presidents of Legal, Human Resources and Tax. The Company also participates in a cybersecurity risk insurance policy. In July 2024, we experienced a cybersecurity incident involving unauthorized access to certain systems, which required us to implement containment and mitigation measures. Although we acted promptly and effectively to address the issue, the incident led to temporary interruptions in our business operations, including impacts to production and order fulfillment at some of our facilities. Additionally, in September 2024, we experienced another, albeit negligible, cybersecurity incident that similarly required containment actions out of an abundance of caution. Although the September incident had a minimal impact on our operations, it underscores the persistent and evolving nature of cybersecurity risks we face. We believe the impacts of these cybersecurity incidents, either measured together or individually, were not material to our financial condition or results of operations. In addition, we do not believe that risks from cybersecurity threats have materially affected our business strategy, financial condition, or results of operations. However, there is no guarantee that future cybersecurity incidents will not have a material impact in the future. For additional information regarding cybersecurity threats that may materially affect the Company, including our business strategy, results of operations, or financial condition, please refer to Item 1A, “Risk Factors,” in this Annual Report on Form 10-K , including the risk factors entitled “We may be subject to disruptions, failures or cyber-attacks in our information technology systems and network infrastructures that could disrupt our operations, damage our reputation and adversely affect our business, operations, and financial results,” and “We rely on information technology systems, including third-party cloud-based solutions, and any failure of these systems due to outages and/or cyberattacks may result in disruptions or outages, loss of processing capabilities, and/or loss of data, any of which may have a material adverse effect on our business, operations, and financial results.” Governance One of the functions of our Board of Directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our Board of Directors is responsible for overseeing and assessing strategic risk exposure, and our executive officers are responsible for the day-to-day management of the material risks we face. Our Board of Directors administers its cybersecurity risk oversight function directly as a whole and through its committees. In particular, the Audit Committee of our Board of Directors plays a large role in overseeing and assessing our financial, legal and operational risks, and receives reports from the management team regarding organizational risk as well as particular areas of concern, which includes, but is not limited to cybersecurity risks, related mitigation, and other related responses and activities. Our Vice President of Information Technology and our Information Security Officer are primarily responsible for assessment and management of material risks from cybersecurity threats. Our VP of Information Technology oversees key cybersecurity policies and processes, including those described in “Risk Management and Strategy” above. Our Board of Directors and Audit Committee are informed at least annually about the Company’s policies and processes to monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents. In addition, the VP of Information Technology will also report any cybersecurity risks and activities including but not limited to any cybersecurity threats and related responses and any cybersecurity systems testing.

Company Information