Archer-Daniels-Midland Co - (ADM)
10-K Filing Date: March 12, 2024
Item 1C.CYBERSECURITY (Continued)
The Company has a dedicated cybersecurity team that collaborates with compliance, privacy, legal, and other teams across the global organization to assess the risk landscape. ADM’s cybersecurity program is designed to be aligned with applicable industry standards and is assessed regularly by independent third-party auditors. The multifaceted nature of the Company’s cybersecurity measures includes aspects of prevention, detection, and response capabilities, employee training programs, threat intelligence monitoring, and the implementation of an array of technologies. The Company has established processes to oversee and identify cybersecurity risks associated with the use of third-party service providers, which include the completion of due diligence before engaging with any third party, controls for response to mitigate any significant risks, and assessments and reviews during the course of the relationship. Additionally, the Company has ongoing partnerships with government and commercial cybersecurity experts to understand emerging cybersecurity threats.
The Company has seen an increase in cyberattack volume, frequency, and sophistication. ADM seeks to detect and investigate unauthorized attempts and attacks against its network, products, and services, and to prevent their occurrence and recurrence where practicable through changes or updates to the Company’s internal processes and tools; however, ADM remains potentially vulnerable to known or unknown threats. The Company’s cyber incident response plan includes an escalation process if a cybersecurity incident meets specific rating criteria to trigger swift and effective action designed to minimize potential disruptions and protect the integrity of our operations. The Company also conducts periodic cybersecurity scenarios with senior management to enhance preparedness.
The Board of Directors has oversight of cybersecurity risk, which it manages as part of the ERM program. The Board of Directors is assisted by the Audit Committee, which regularly reviews the cybersecurity program with management and reports to the Board of Directors. Cybersecurity reviews by the Audit Committee or the Board of Directors generally occur quarterly, or more frequently as determined to be necessary or advisable. In recent years, the Board added a director who had served as Chief Information Officer for a large public company with sensitive information to assist the Board and Audit Committee in overseeing cybersecurity risks.
The Company’s cybersecurity program is led by the Chief Information Security Officer (CISO), who reports to the Senior Vice President and Chief Technology Officer (CTO). The CISO is informed about and monitors prevention, detection, mitigation, and remediation efforts through regular communication and reporting from professionals in the information security team, many of whom hold cybersecurity certifications in Information Systems Security or Information Security Management, and through the use of technological tools and software and results from third party audits. Additionally, the CISO directs the Global Information and Cyber Security Council (the “Council”), which includes a diverse range of relevant experts. The Council includes management from global technology, compliance, privacy, controlling, operations, security, automation, ERM, and internal audit. The Council promotes alignment and communication of new and ongoing cybersecurity prevention techniques and provides a forum for staying current on the latest cybersecurity threats.
The CISO and CTO have extensive experience assessing and managing cybersecurity programs and cybersecurity risk. The CISO has served in that position since 2018 and, was previously the Vice President, Head of Enterprise Security, Americas at Worldpay and a Security Principal/Strategist for Hewlett Packard Enterprises for a combined cybersecurity experience of 20 years. The CTO joined ADM in 2016 and was previously Senior Vice President and Chief Information Officer at Dow Corning Corporation for approximately 6 years.