Monster Beverage Corp - (MNST)

10-K Filing Date: February 29, 2024
ITEM 1C.CYBERSECURITY

Our Board recognizes the importance of maintaining the trust and confidence of our customers, consumers, employees and other stakeholders and oversees all cybersecurity matters. Management plays a central role in our information security program, which is a critical component of our enterprise risk management and includes the implementation of controls aligned with industry best practices and applicable frameworks to identify threats, deter attacks and protect our Company assets. In addition, we engage a range of cybersecurity experts, including cybersecurity auditors, assessors, and consultants, in evaluating and testing our risk management systems. These partnerships enable us to leverage specialized knowledge and insights and ensure that our cybersecurity strategies and processes remain in line with industry best practices. Our collaboration with these third parties includes regular audits, threat assessments, and consultation on security enhancements.

Our Chief Information Officer and his team are responsible for leading our cybersecurity strategy, policy, standards, architecture, and processes. Our information security leadership team has more than 20 years of combined experience in cyber and information security matters. Our information security program is also supported by our Chief Compliance Officer and other members of senior management. We conduct periodic reviews of our program by internal and external experts with the results of those reviews reported to senior management and the Board. We have procedures in place for selecting and managing our relationships with third-party service providers and other business partners. For example, we require certain third-party service providers and other business partners to provide us with SOC II reports that demonstrate compliance with security standards. We also actively engage with industry participants, as well as intelligence and law enforcement communities as appropriate, as part of our continuing efforts to evolve our cybersecurity governance.

Our information security team promptly informs our Incident Response Team of potentially material cybersecurity incidents, including with respect to our third-party service providers. The Chief Information Officer briefs our Co-Chief Executive Officers and reports to the Audit Committee of our Board (the “Audit Committee”). The Audit Committee, in turn and if necessary, briefs the Board on, among other matters, our cyber risks and threats, the status of projects to strengthen our information security systems (such as employee cybersecurity training), an assessment of the information security program, and the emerging threat landscape. The Cybersecurity and Compliance Steering Committee, comprised of senior members of management, has convened and is scheduled to convene on a quarterly basis to review all matters related to strengthening our cybersecurity posture and providing governance.

For a discussion regarding risks from cybersecurity threats that are reasonably likely to affect the Company, see “Part I, Item 1A – Risk Factors – Our use of information technology and third party service providers exposes us to cybersecurity breaches and other interruptions that could disrupt our business operations and adversely impact our reputation and results of operations” and “If we fail to comply with data privacy and personal data protection laws, we could be subject to adverse publicity, government enforcement actions and/or private litigation, which may negatively impact our business and operating results.”

41