HOOKER FURNISHINGS Corp - (HOFT)

10-K Filing Date: April 12, 2024
ITEM 1C. CYBERSECURITY

 

Risk Management and Strategy

 

The Company's cybersecurity risk management program is integrated into the overall risk management framework, including risk identification, assessment, and mitigation across all business areas. We have collaborated with external consultants and built a cybersecurity program designed to protect and safeguard the integrity of our information systems, which aligns with industry best practices and regulatory requirements. To continually enhance the effectiveness of the practice, we regularly assess the program’s measures, contractual obligations, and compliance with industry standards. Additionally, we maintain cyber insurance coverage, including protection against social engineering fraud, to further mitigate potential financial losses from cybersecurity incidents.

 

We have previously experienced actual or attempted cyber-attacks on our information systems or networks; however, none of these incidents had a material impact on our operations or financial condition. For additional information on the impact of cyber risks, refer to Part I, Item 1A. Risk Factors on page 13.

 


 

Governance

 

The board of directors oversees the Company’s practice for assessing, identifying and managing material risks from cybersecurity threats. The Audit Committee, consisting of all of the board’s independent directors, with one member holding the CERT Certificate in Cybersecurity Oversight, reviews and discusses with management and the independent auditor the Company’s significant financial risk exposures for matters related to cybersecurity risk, including the steps management has taken to monitor and manage such exposures.

 

The Company’s Chief Information Officer leads the overall cybersecurity strategy and risk management program. This includes overseeing risk assessments, developing security policies and procedures, and managing the IT security team. Senior executives, including the Company’s CEO and CFO, integrate cybersecurity risks into the overall business strategy and financial planning. The IT department executes daily security tasks such as vulnerability scanning, threat detection, and incident response. The Chief Information Officer and IT security team provide regular reports to senior management on the Company’s cybersecurity posture, identified vulnerabilities, and ongoing incident management activities. Management provides the Audit Committee with quarterly updates on the Company's cybersecurity practices.