ALLIENT INC - (ALNT)
10-K Filing Date: March 05, 2024
Cybersecurity Risk Management and Strategy
Allient has processes in place to assess, identify, and manage material risks from cybersecurity threats. We regularly undertake audits and evaluations (including to the National Institute of Standards and Technology (NIST) SP 800-171 standards) and enhance our security framework based upon the results of those audits and evaluations. For new associates, and on an annual basis thereafter, we require associates to take security awareness training and conduct on-going phishing recognition training and testing programs.
We have integrated cybersecurity risk management into our enterprise risk management program, and our management, lead by our Global Information Technology Director, regularly review cybersecurity risks. We rely extensively on information technology (“IT”) systems for the storage, processing, and transmission of our electronic, business-related information assets used in, or necessary, to conduct business. We leverage our internal information technology infrastructures, and those of our business partners, to enable, sustain, and support our global business activities. In addition, we rely on networks and services, including internet sites, data hosting and processing facilities and tools and other hardware, software and technical applications and platforms, some of which are managed, hosted, provided and/or used by third-parties or their vendors, to assist in conducting our business.
Numerous and evolving cybersecurity threats pose potential risks to the security of our IT systems, networks and services, as well as the confidentiality, availability and integrity of our technology systems and data. In addition, the laws and regulations governing security of data on IT systems is evolving and adding another layer of complexity in the form of new requirements.
19
Over the last three years, we have experienced one known information security breach, in connection with a ransomware incident that occurred in June 2021. Costs incurred related to the information security breach did not have a material adverse effect on our results of operations in the years ended December 31, 2023, 2022, and 2021. However, as cybersecurity incidents continue to increase in scope, complexity, and frequency, we may be unable to prevent a significant incident in the future which may materially impact our results of operations.
Our cybersecurity program engages third parties when necessary. In the past, we have had cybersecurity incidents and we have made, and continue to make investments, seeking to address these threats, including monitoring of networks and systems, hiring of experts to evaluate and test our systems, employee training and security policies for employees and third-party providers. All third parties that we use have been vetted and have significant reputations in the industry. As such, controls from the third-party vendors have been deemed to be adequate prior to any goods or services having been provided.
Cybersecurity Governance
Management is responsible for the development of all cybersecurity programs, including the monitoring, prevention, detection, mitigation, and remediation of cybersecurity incidents. Our Board receives quarterly reports regarding the overall cybersecurity risk management process. The Board and Audit Committee are responsible for information security oversight. Two members of the Company’s Board have relevant information security and cybersecurity experience. As part of their oversight, senior leadership meets with the Audit Committee at least annually to discuss information security and cybersecurity matters.
For additional information regarding risks related to information technology and cybersecurity, as well as governance related to managing such risks - see also Item 1.A: Risk Factors.
20