DYCOM INDUSTRIES INC - (DY)
10-K Filing Date: March 01, 2024
Item 1C. Cybersecurity.
Cybersecurity Risk Management and Strategy
We are committed to protecting the confidentiality, integrity, and availability of our information assets and managing cybersecurity risks effectively. Our cybersecurity strategy focuses on proactive risk management, continuous improvement, collaboration and partnerships, and investment in security technologies.
We face various cybersecurity risks, including unauthorized access, information leakage, malware and viruses, technical disruption, and insider threats. Identifying, assessing, and managing these risks is the foundation of our comprehensive cybersecurity framework and is integrated into our overall risk management systems and processes. We have implemented strong access controls, regular security assessments, vulnerability management, user education and awareness, monitoring, threat intelligence (including user behavior analytics), and managed detection and response to mitigate cybersecurity risks.
Our implementation of strong access controls includes multi-factor authentication, least privilege access, role-based access control, and network segmentation to ensure information assets are protected from unauthorized access and/or exposure.
We conduct regular security assessments to identify vulnerabilities, test compliance, proactively address security risks that would impact the organization, and prioritize those risks based on their likelihood and potential impact. The associated activities include performing risk, vulnerability, penetration, and compliance assessments to assist in identifying potential internal and external threats and weaknesses in our systems, networks, and applications and performing simulations to test and improve our incident response plans while building resiliency.
In addition to the controls and assessments noted above, we regularly engage with our internal and external auditors and third-party cybersecurity consultants to assess our cybersecurity program, ensuring adherence to applicable industry standards, practices, and laws.
Our cybersecurity program also includes third-party risk management evaluation and monitoring of our suppliers, vendors, and other business partners to help identify and mitigate risks that may impact our company. We evaluate existing risks, threats, and prior cybersecurity incidents of new vendors, suppliers, and business partners using various risk assessments.
Cybersecurity Governance
Cybersecurity governance is a critical component of our organization’s overall risk management framework and an area of focus for our Board and management. Our Board has delegated primary responsibility for overseeing risks from cybersecurity threats to the Audit Committee. The Audit Committee oversees information technology and cybersecurity, including strategies, risk identification and mitigation, and data privacy protection (“Information Security”).
The Company’s Chief Information Officer has been serving in this role for the company for 17 years and has over 30 years of experience in various information security and related technology roles. The Chief Information Officer oversees an internal information security team, which works in partnership with the Company’s internal audit department to review information technology-related controls with our external auditors as part of the overall internal controls process. The Chief Information Officer, who is in regular communication with the information security team, reports regularly to the Chief Executive Officer regarding vulnerabilities, new and developing threats, and compliance matters and also reports to the Audit Committee. The Audit Committee receives reports from the Chief Information Officer on a periodic basis, and more frequently, as needed, regarding cybersecurity-related matters. Such reports include updates with respect to existing and new cybersecurity risks, cybersecurity risk management and mitigation, cybersecurity incidents, as applicable, and key information security initiatives and recent developments.