TITAN INTERNATIONAL INC - (TWI)

10-K Filing Date: February 29, 2024
ITEM 1C – CYBERSECURITY

The Company subscribes to a defense in depth strategy when it comes to cybersecurity and has processes in place to assist in the assessment, identification, and management of material risks from threats. The Company maintains technical and organizational safeguards, including employee training, incident response capability reviews, cybersecurity insurance and business continuity mechanisms for the protection of the Company’s assets. From time to time, the Company’s processes are audited and validated by internal and external experts. Semi-annually, the Company performs a risk mitigation assessment to assess and determine specific cybersecurity risks prevalent within the global information technology infrastructure and how those risks are mitigated. Further, through the use of an independent third-party service provider, the Company performs external penetration testing as well as internal network vulnerability testing to assess and identify gaps and vulnerabilities within the global information systems.

In the event of a cybersecurity breach, the Company would execute its incident response plan, which provides a structured response, including proper reporting and communication of the incident. When a cybersecurity incident is determined to be significant, it is addressed by Senior Director of Information Technology using processes that leverage subject-matter expertise from across the Company. Further, the Company typically will engage third-party advisors as part of our incident management processes. All cybersecurity incidents that are identified as having the potential to be highly significant to the Company are brought to the attention of SVP, Chief Financial Officer as part of our cybersecurity incident response processes. The Company's executive management would report such incidents to the Company's Board of Directors as deemed necessary based on the overall significance and impact to the Company.

Cybersecurity risk management is incorporated into our overall enterprise risk management program. As part of its enterprise risk management efforts, critical enterprise risks are assessed by senior management annually and discussed with the Company's Board of Directors.
There have been no recent incidents of cybersecurity breaches within the Company’s information systems in the past three fiscal years. For additional information, refer to the section entitled "The Company may be adversely affected by a disruption in, or failure of, information technology systems" within Item 1A Risk Factors.