DIXIE GROUP INC - (DXYN)
10-K Filing Date: March 20, 2024
Item 1C. CYBERSECURITY
Cybersecurity Risk Management and Strategy
We recognize cybersecurity as a critical aspect of our overall risk management program and are committed to maintaining a cybersecurity program to protect our information assets, systems, and operations. Our cybersecurity risk management program is integrated into our overall enterprise risk management program and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational and financial risks areas. We continuously evaluate and enhance our cybersecurity program based on lessons learned, industry best practices and feedback from internal and external stakeholders.
Key aspects of our cybersecurity risk management program include:
•risk assessments designed to help identify, prioritize and mitigate potential material cybersecurity risks to our critical systems and information;
•an internal Information Technology staff responsible for managing our cybersecurity risk assessment processes, our security controls and our response to cybersecurity incidents;
•the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls;
•cybersecurity awareness training of our associates, incident response personnel and senior management;
•a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and
•a third-party risk management process for key service providers, suppliers, and vendors.
We did not experience a material cybersecurity incident during the year ended December 30, 2023; however, the scope and impact of any future incident cannot be predicted. See "Item 1A. Risk Factors" for more information on our cybersecurity-related risks.
Cybersecurity Governance
Our Board of Directors (the "Board") has oversight responsibility for cybersecurity risk management. The Board oversees management's ongoing activities related to our cybersecurity risk management program. The management team is responsible for the implementation and execution of our cybersecurity program. In addition, the management team provides guidance and direction on cybersecurity priorities, resource allocation and risk tolerance levels. The Board receives quarterly updates from the management team on cybersecurity matters.
11