AstroNova, Inc. - (ALOT)

10-K Filing Date: April 12, 2024
Item 1C. Cybersecurity

Cybersecurity Risk Management and Strategy

We have made substantial investments in cybersecurity risk management, and it is an integral part of our overall enterprise risk management program. We have implemented a variety of tools and a process designed to identify, monitor, evaluate and respond to cybersecurity threats and incidents, including those associated with our use of third-party vendors and service providers. Our process consists of steps for identifying the source of a cybersecurity threat or incident, including whether such cybersecurity threat or incident is associated with a third-party vendor or service provider; implementing cybersecurity countermeasures and mitigation strategies; and informing management and our board of directors of potentially material cybersecurity threats and incidents or other significant changes in the evolving cybersecurity threat landscape. We intend to continue to make substantial investments in cybersecurity risk management to improve our tools and processes because the cybersecurity threat continues to evolve. While we continue to invest in our infrastructure environment and monitoring capability, and in due diligence with respect to the third parties with whom we interact, there can be no assurance that we can prevent, mitigate, or remediate the risk of any compromise or failure in the cybersecurity infrastructure owned or controlled by us or any third-party vendor or service providers that we use.

Our Information Technology team reports to senior management and is responsible for assessing and maintaining our cybersecurity risk management program. In addition, they collaborate with third-party security specialists as necessary, aiming for thorough risk assessments and system improvements. Together with our third-party security service providers, the Information Technology team oversees our processes for the prevention, detection, mitigation, and resolution of cybersecurity incidents. Throughout the year, we regularly train our employees on cybersecurity awareness and confidential information protection. We review or update our cybersecurity policies and the effectiveness of our programs to manage cybersecurity risk on a continuing basis, to account for changes in the evolving cybersecurity threat landscape, as well as for any related legal and regulatory developments that may occur.

Cybersecurity threats have the potential to materially affect our company, including our business strategy, results of operations, and financial condition. While we have not experienced material adverse effects from cybersecurity threats to date, we recognize the evolving nature of these risks and remain vigilant in our efforts to mitigate potential impacts. Refer to “Item 1A. - Risk Factors” in this annual report on Form 10-K, including, “We could experience a significant disruption in or security breach of our information technology system which could harm our business and adversely affect our results of operations,” for additional discussion on our cybersecurity related risks.

Cybersecurity Governance

Our management, including our Chief Executive Officer (“CEO”) and Chief Financial Officer (“CFO”), and Information Technology team are responsible for identifying and assessing cybersecurity risks on an ongoing basis, establishing processes designed to provide reasonable assurance that such potential cybersecurity risk exposures are monitored, instituting appropriate mitigation and remediation measures, and maintaining cybersecurity programs. Additionally, since we do not have a full-time Chief Information Security Officer, we obtain additional domain expertise from third-party outside resources. Our cybersecurity programs are managed under the direction of our CFO, who receives reports from our Information Technology team and third-party resources to monitor the prevention, detection, mitigation, and remediation of cybersecurity risks.

Our board of directors has oversight responsibility for our overall enterprise risk management and directly oversees our cybersecurity risk management. As part of its enterprise risk management efforts, our board of directors regularly receives reports from management on our cybersecurity programs with regard to any risks that may arise from specific cybersecurity threats and incidents. The board of directors oversees management’s programs, policies and processes in place that identify, monitor, assess, and respond to cybersecurity, data privacy, and other information technology risks to which we are exposed.