LGL GROUP INC 10-K Cybersecurity GRC - 2025-03-31

Page last updated on March 31, 2025

LGL GROUP INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-31 16:58:58 EDT.

Filings

10-K filed on 2025-03-31

LGL GROUP INC filed a 10-K at 2025-03-31 16:58:58 EDT
Accession Number: 0001437749-25-010246

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity risk management is an integral part of our overall risk management efforts. The Company has chosen the National Institute of Standards (“NIST”) for its base framework. Controls in the NIST SP 800-53 catalog have been tailored based on inheritance from MtronPTI controls, internally determined information technology (“IT”) general controls and industry best practices to create a balanced approach to protecting the confidentiality, integrity, and availability of our systems. We also seek to mitigate risk and manage any residual financial risk through a robust cyber insurance policy. The Board of Directors has ultimate oversight of the Company’s risk management. Pursuant to its charter, the Audit Committee of the Board of Directors has primary responsibility for the oversight of cybersecurity and information technology risks, and the Company’s preparedness for these risks. The Audit Committee receives regular updates from our senior management and MtronPTI personnel (pursuant to the Transitional Administrative and Management Services Agreement between us and MtronPTI) on cybersecurity risk. The Company’s cybersecurity incident response is overseen by MtronPTI’s Director of IT, who is a member of MtronPTI’s enterprise management team and also reports to the LGL Group Co-CEOs for all matters concerning LGL Group cybersecurity. The Company performs risk assessments and reviews information on relevant internal and industry cybersecurity incidents. The Audit Committee is notified of any incidents which could materially affect us. These regular updates include topics related to cybersecurity practices, cyber risks, mitigation strategies, and other cybersecurity developments. Significant findings related to cybersecurity, data and technology risks or incidents are regularly reported to and discussed at the Board level. MtronPTI’s IT team operates an ISO 27001 certified Information Security Management System. MtronPTI’s IT participates in several industry information sharing groups, including the Defense Industrial Base Cybersecurity Program and The Society of Industrial Security Professionals and has also fostered local contacts with the Federal Bureau of Investigations (“FBI”) and local industry peers. The IT team monitors industry news daily and response to threat feeds from multiple sources. To further its cybersecurity efforts, MtronPTI partners with several external entities including: - A commercial threat feed integrated with its perimeter security devices in partnership with the Defense Cyber Crime Center; - A commercial Domain Name System (“DNS”) security service integrated with perimeter security devices; and - A commercial email threat detection service including detonation chamber services. All LGL Group users with both email and enterprise resource planning (“ERP”) system access are provided quarterly and annual cyber security training and participate in bi-weekly phishing tests to maintain continuous awareness of threats. Access to the Company’s ERP system is limited by a second layer of access approval and authorization. Based on the information available as of the date of this Annual Report on Form 10-K, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, financial condition or results of operations. However, despite our security measures, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we will not experience a cybersecurity incident in the future that will materially affect us. Additional information on cybersecurity-related risk is discussed under the heading “Cybersecurity risks and cyber incidents may adversely affect our business by causing a disruption to our operations, a compromise or corruption of our confidential information, and/or damage to our business relationships, all of which could negatively impact our financial results.” in Part I, Item 1A. of this Annual Report on Form 10-K.

Company Information