UNIVERSAL ELECTRONICS INC 10-K Cybersecurity GRC - 2025-03-11

Page last updated on March 11, 2025

UNIVERSAL ELECTRONICS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-11 15:07:17 EDT.

Filings

10-K filed on 2025-03-11

UNIVERSAL ELECTRONICS INC filed a 10-K at 2025-03-11 15:07:17 EDT
Accession Number: 0000101984-25-000038

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We have developed cybersecurity risk management processes to identify, manage, and prevent risks related to cybersecurity. Our Information Technology (“IT”) team manages our cybersecurity program and the security measures and processes we have in place. Risk Management and Strategy Cybersecurity is managed as part of our enterprise risk management program. We have integrated cybersecurity risk management into our enterprise-wide risk assessment through evaluations of IT infrastructure, compliance audits and aligning cybersecurity goals with overall business objectives. We work with cybersecurity experts to better understand potential cybersecurity threats. Measures we have employed to identify potential cybersecurity threats include advanced threat detection systems, such as intrusion detection systems and security information and event management tools. We manage and work to prevent these cybersecurity threats using a variety of strategies, including deploying firewalls and anti-malware tools, implementing access controls and leading security audits. Our incident response plans and monitoring systems also support detection and prevention of cybersecurity threats. We aim to monitor these risks in connection with third parties in addition to our own operations. We collaborate with external cybersecurity consultants and auditors for independent audits and vulnerability assessments of our existing processes and systems. Our third-party cybersecurity risk assessment program is designed to oversee certain third parties and have those third parties adhere to cybersecurity standards. This program has measures to help further manage and attempt to mitigate potential cybersecurity risks arising from third-party engagements, including security audits, compliance checks for cybersecurity standards, risk evaluation procedures for certain third parties, contractual security requirements in certain third party agreements and monitoring tools. We conduct cybersecurity training with our employees as appropriate based on their roles within the Company. Governance Our Board of Directors plays a role in guiding and overseeing our cybersecurity strategies and has tasked our Audit Committee with the responsibility for cybersecurity oversight by setting policies, reviewing risk management strategies and reviewing compliance with legal and regulatory requirements. The Audit Committee, as appropriate, briefs the Board of Directors on cybersecurity matters. Management is also responsible for upholding our cybersecurity processes. To this end, we have established a global cybersecurity management team, led by our Vice President, Cybersecurity . Our Vice President, Cybersecurity reports directly to our Senior Vice President and CFO and is primarily responsible for cybersecurity oversight and for developing strategies to mitigate risks from cybersecurity threats, monitoring policy compliance and educating staff on security practices. In carrying out his duties, our Vice President, Cybersecurity provides periodic reports to the Director of our Internal Audit Department, who, in turn, briefs the Audit Committee of the Board of Directors on the contents of such reports, including incident reports, compliance status and updates on cybersecurity initiatives. Our Vice President, Cybersecurity has extensive experience assessing and managing risks from cybersecurity threats, including more than 20 years of experience in information technology and information security positions; serving in information technology leadership positions at the Company for more than 7 years; and has other significant experience in the areas of risk management, information technology and information security, including the following industry certifications: MCSE, MCDBA and CISSP. To date, management has not identified risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition. While we work to maintain our cybersecurity processes, there can be no assurance that such actions will be sufficient to prevent cybersecurity incidents or mitigate all potential risks or threats to such systems, networks, and data or those of our third-party providers.

Company Information