MONOLITHIC POWER SYSTEMS INC - (MPWR)
10-K Filing Date: February 29, 2024
Cybersecurity
Cybersecurity Risk Management and Strategy
We recognize the imperative to diligently manage cybersecurity risks as defined in Item 106(a) of Regulation S-K. Such risks include operational risks of ransomware, phishing, fraud, extortion, harm to employees or customers and violation of data privacy or security laws.
We address cybersecurity risks in our business, technical operations, privacy and compliance issues through a diversified approach that includes threat monitoring and assessments by third parties, adoption of IT security ISO standards/governance, and proactive risk and compliance reviews. To defend against cybersecurity incidents, we carry out real-time cybersecurity threat monitoring of IT assets, perform penetration testing, audit applicable data policies and conduct directed employee training. We also monitor existing and emerging laws and regulations related to data protection and information security and implement appropriate changes. We maintain an insurance policy that provides certain coverage for losses we incur due to data breaches and other cybersecurity incidents.
We implemented incident response and breach management processes consisting of four stages: 1) monitor for and identify cybersecurity incidents, 2) carry out security incident analysis, 3) contain and recover, and 4) improve with post-incident analysis. Such incident responses are governed by the Cybersecurity Steering Committee.
We regularly engage external auditors to assess our internal cybersecurity programs and compliance and have been certified to conform to the requirements of ISO/IEC 27001.
There are no identified cybersecurity threats that have materially affected or are reasonably likely to materially affect our results of operations or financial condition as of the date of this Annual Report on Form 10-K.
See “Risk Factors” for more information on our cybersecurity risks.
Cybersecurity Governance
As an important part of our risk management processes, cybersecurity is a focus area for our Board and management. Our Nominating and Corporate Governance Committee (the “NCG Committee”), which consists of independent members of the Board of Directors, is responsible for the oversight of risks from cybersecurity threats. The NCG Committee receives quarterly updates from the Cybersecurity Steering Committee. These updates include existing and emerging cybersecurity threats, risks, cybersecurity incident management and key information security initiatives. The NCG Committee also provides updates to our cybersecurity risk management and strategy programs to the Board of Directors on a quarterly basis.
Our cybersecurity risk management and strategy processes are overseen by the Cybersecurity Steering Committee, which includes individuals with an average of over 18 years of prior work experience in various roles involving IT governance and management, cybersecurity, auditing, and compliance. The Cybersecurity Steering Committee actively participates in the cybersecurity risk management and strategy processes as described above, and regularly reports to senior management and the NCG Committee.