VICOR CORP - (VICR)
10-K Filing Date: February 28, 2024
Our Company has a dedicated team of technology professionals who consistently monitor risks related to cybersecurity. Our Corporate Vice President and Chief Information Officer, as well as our Chief Information Security Officer (“CISO”) are responsible for managing our information technology (“IT”) security program. Our CISO is a Certified Information Systems Security Professional (CISSP), holds a Masters Degree in Computer Information Systems, and has over 20 years of relevant expertise in assessing and managing cybersecurity risks. Their teams are responsible for leading an enterprise-wide cyber resilience strategy, policy, standards, architecture, and processes. To identify and address potential information security risks, we use a defense-in-depth methodology that employs multiple, redundant defensive measures and outlines actions to take in the event of a security control failure or vulnerability exploitation. To protect the Company from cybersecurity threats, we utilize a combination of internal resources and external consultants and providers. These consultants and providers provide services such as penetration testing, incident response, and third-party assessments. In addition, we use a combination of both proprietary and commercial solutions to proactively manage and mitigate threats to our IT environment and these processes have been integrated into the Company’s overall risk management system.
Our CISO oversees security, including the corporate IT environment, our public cloud presence, and security standards that are used as a framework for managing security across our Company. Our CISO is also responsible for security awareness, administering our corporate security training, and sponsoring our cybersecurity policy and standards. Our cybersecurity plan is reviewed annually, and our Audit Committee has delegated to the Executive Security Incident Response Team which is made up of our Chief Financial Officer, a Board member and senior management representatives in the legal, IT and finance functions, oversight of our cybersecurity program. The Executive Security Incident Response Team receives regular updates directly from our CISO and Vicor product security experts from various business and operational areas. We maintain various security certifications across the Company, and part of our compliance program includes processes to oversee and identify material risks from cybersecurity threats and include the use of third-party service providers to perform regular audits to ensure our security management program remains current.
Our objective for managing information security and cybersecurity risk is to avoid or minimize the impacts of both internal and external threat events and other efforts to penetrate or otherwise compromise the confidentiality, integrity, or availability of our systems. We work to achieve this objective by hardening networks and systems against attack, and by diligently managing visibility and monitoring controls within our data and communications environment to recognize events and respond appropriately.
To keep the Executive Security Incident Response Team apprised of the continually shifting landscape, the CISO typically provides quarterly updates to the Executive Security Incident Response Team on information security and cybersecurity matters. The Executive Security Incident Response Team maintains oversight of the efforts made to maximize information security and cybersecurity efforts. Potential concerns related to information security and cybersecurity will be escalated to the Board of Directors and Audit Committee, as appropriate.
Our cybersecurity infrastructure undergoes external audits. These efforts demonstrate our commitment to maintaining the highest level of cybersecurity protection. Our external third-party providers also evaluate and rank our cybersecurity maturity and coverage as part of their services. To stay informed about emerging threats, we regularly consult with external providers and other sources such as government publications and notices.
Cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected and are not reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition. Notwithstanding the extensive approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. While Vicor Corporation maintains
20
cybersecurity insurance, the costs related to cybersecurity threats or disruptions may not be fully insured. See Item 1A. “Risk Factors” for a discussion of cybersecurity risks.