Lovesac Co 10-K Cybersecurity GRC - 2025-04-10

Page last updated on April 10, 2025

Lovesac Co reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-10 07:16:04 EDT.

Filings

10-K filed on 2025-04-10

Lovesac Co filed a 10-K at 2025-04-10 07:16:04 EDT
Accession Number: 0001628280-25-017241

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy or security laws. The Company is committed to protecting its information system and data from cyber threats.We utilize third party technical tools to control system access and filter, restrict and regulate content that may pose a material risk to the Company. Employees are required to use multi-factor authentication to access Company systems and undergo annual security training. Management is responsible for identifying, monitoring and mitigating the material risks facing the Company, including cybersecurity risks. Management provides regular reports to the Board at every meeting to review our top risks, identify trends and help manage risk. Our cybersecurity risk management and strategy is overseen by our Chief Information Officer as well as other members of the senior leadership team at Lovesac. These individuals are informed about, and monitor the prevention, mitigation, detection and remediation of cybersecurity incidents and report to the Board on any appropriate items. Our Chief Information Officer has over 35 years of experience managing information technology and cybersecurity matters and is responsible for assessing and managing these cybersecurity risks. Team members who support our information security program have relevant educational and industry experience. Cybersecurity Governance Cybersecurity is an important part of our risk management and an area of focus for our Board and management. Our Board of Directors is responsible for the risk oversight of the Company, including cybersecurity risks. The Board receives updates on a quarterly basis from senior management, including leaders from our Information Technology and Security, Risk Management. Finance, and Legal teams and our Chief Information Officer regarding matters of cybersecurity. This includes existing and new cybersecurity risks, status on how management is addressing and/or mitigating those risks, cybersecurity and data privacy incidents (if any) and status on key information security initiatives. The Audit Committee of the Company’s Board of Directors oversees, among other things, the adequacy and effectiveness of the Company’s internal controls, including internal controls designed to assess, identify, and manage material risks from cybersecurity threats. The Board of Directors, as a whole and at the Audit Committee level, oversee the most significant risks facing the Company and our processes to identify, prioritize, assess, manage and mitigate those risks. The Audit Committee, which is comprised solely of independent directors, has been designated by our Board to oversee cybersecurity risk. The Audit Committee is informed of material risks from cybersecurity threats pursuant to the escalation criteria as set forth in the Company’s disclosure controls and procedures. The Audit Committee receives reports, briefings and presentations from senior management, including our Chief Information Officer, at periodic committee meetings, including, more in-depth presentations on specific areas of risk and regular enterprise risk management updates. Although the Company endeavors to mitigate cybersecurity risks, the nature of our business exposes us to cybersecurity threats and attacks that can lead to the unauthorized acquisition or access, compromise, loss, misuse or theft of our data, including personal information, confidential information or intellectual property. Additional information on cybersecurity risks we face is discussed in Part I, Item 1A, “Risk Factors,” under the heading “Legal, Tax and Regulatory Risks.”

Company Information