ITEM 1C. CYBERSECURITY

 

The Company faces various cybersecurity threats. The purpose of the Company's cybersecurity program is to assess, identify, manage and mitigate cybersecurity risk while supporting the achievement of the Company's business objectives.

 

Under the Company's comprehensive risk management program, the board of directors (the "Board") of the Company maintains oversight of the most significant risks facing the Company, including cybersecurity risks, while senior management is responsible for the identification and prioritization of risks that are material to the Company's business, corresponding risk-mitigation efforts and day-to-day management of the Company's risk management program. At least annually, the Board receives cybersecurity briefings from senior executives.

 

The Company's cybersecurity program sets the framework for the Company's approach to cybersecurity. Each business segment of the Company designates individuals with appropriate qualifications and experience to be responsible for addressing cybersecurity matters, including assessing, identifying and managing risks from cybersecurity threats, with a direct reporting line to senior management. Under the Company's approach to cybersecurity, each business segment designs and operates its own information and cybersecurity program tailored to its market, customer requirements, regulatory requirements and threats. The Company's cybersecurity policy and procedures are designed to ensure senior management receives timely and adequate information regarding cybersecurity matters, including threats and incident response, as appropriate to the matter.

 

As part of the Company's approach to cyber risk management, the Company performs internal audits of internal processes and controls relating to cybersecurity. Every year, the Company engages third-party experts to conduct cyber penetration testing. Based on their findings and recommendations, the Company makes the appropriate updates to its cybersecurity software.

 

Although the Company has designed its cybersecurity program and oversight to mitigate cybersecurity risks, the Company faces unknown cybersecurity risks, threats, and attacks. To date, these risks, threats or attacks have not had a material impact on the Company's operations, business strategies or financial results, but the Company cannot provide assurance that they will not have a material impact in the future. See Item 1A - Risk Factors above for additional discussion of various cybersecurity risks.