Hamilton Beach Brands Holding Co - (HBB)

10-K Filing Date: March 06, 2024
Item 1C. CYBERSECURITY

Risk Management and Strategy

The Company is subject to various cybersecurity risks that could impact our systems and our ability to operate. We have developed processes to assess, identify and manage our risks related to cybersecurity threats which are incorporated into the Company’s overall risk management process. On an ongoing basis we utilize threat prevention systems to monitor, block and protect our information technology systems which are monitored continuously by trained security personnel. Our process to prevent cybersecurity incidents involves layered security architecture to protect our networks, end-user devices, servers, and cloud solutions. On a regular basis, we conduct phishing email simulations and provide training resources to our employees. We have an Incident Response Plan to outline our process to manage cybersecurity threats and incidents. We utilize industry recognized security and compliance experts for regular security assessments. In order to oversee and identify risks from cybersecurity threats associated with our use of third-party service providers, we review their compliance against internationally recognized standards.

As of the filing of this Form 10-K, we are not aware of any cyber attacks that have occurred since the beginning of 2023 that have materially affected, or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. We describe whether any risks from cybersecurity threats, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, under the heading “The Company’s business could suffer if information technology systems are disrupted, cease to operate effectively or become subject to a cybersecurity breach” included within our risk factor disclosures in Item 1A. Risk Factors of this Annual Report on Form 10-K, which information is incorporated herein by reference.

Governance

Cybersecurity is among our Board’s oversight priorities. Through their oversight role, the Board has allocated oversight of cybersecurity risk to our Audit Review Committee of the Board. Our Audit Review Committee plays a vital role in our cybersecurity risk management process and regularly reviews the Company’s cybersecurity and other information technology risks, controls and procedures. At multiple points throughout the year, management provides the Audit Review Committee with updates to our cybersecurity risk management process and our security monitoring and protection systems. The Audit Review Committee is kept informed of new security solutions planned for deployment. As part of their regular review of reports from management, the Audit Review Committee regularly reports cybersecurity risk updates to the Board, which enables the Board to incorporate the insights of such reports into its overall risk oversight analysis.

Our cybersecurity risk management processes are led by our VP, IT Business Solutions who has over 22 years of experience in various roles involving managing information systems and cybersecurity functions and developing cybersecurity strategies. Through these roles the VP, IT Business Solutions has implemented information technology security and privacy policies across multiple infrastructure and application platforms and led identity and access management. In order to enable the Company to prevent, detect, mitigate and remediate cybersecurity incidents, our security monitoring and protection systems are continuously monitored. The VP, IT Business Solutions is kept informed in accordance with our Incident Response Plan and reports matters to the Audit Review Committee as necessary. Additionally, we have a Cyber Security Task Force in place that is comprised of individuals across our various departments within our organization including information systems, legal, finance, internal audit, sales and marketing, engineering and supply chain teams which meets regularly to further advance our cybersecurity strategy.

14