WEIS MARKETS INC - (WMK)

10-K Filing Date: February 28, 2024
Item 1c. Cybersecurity: (continued)

Management’s Role Managing Risk

The Company’s cybersecurity risk management is part of the Company's Information Security Office, led by the Chief Information Officer. In order to manage the risks associated with cybersecurity threats, the Company has implemented an Information Security Incident Response Plan.

The Company engages with a range of third-party experts, including cybersecurity assessors, consultants, and auditors in evaluating and testing its risk management systems. These relationships enable Management to leverage specialized knowledge and insights with respect to the Company’s cybersecurity strategies and processes.

The Company's Information Security Incident Response Plan includes detailed processes and controls related to cybersecurity awareness training for employees, phishing simulations, backup and recovery, response planning, vulnerability management and endpoint protection as well as ongoing cybersecurity requirements for third-party service providers. The framework is regularly reviewed, assessed, and updated. This framework is designed to mitigate risks related to data breaches or other security incidents originating from third parties.