XPEL, Inc. - (XPEL)
10-K Filing Date: February 28, 2024
Item 1C. Cybersecurity
The Company maintains a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. This program is integrated within the Company’s enterprise risk management system and addresses all aspects of the corporate information technology environment.
The underlying controls of the cyber risk management program are based on recognized best practices and standards for cybersecurity and information technology, including those set forth in the International Organization for Standardization (“ISO”) 27001 standard. The Company has an annual assessment, performed by a third party, of the Company’s cyber risk management program against this standard.
The Company employs a third-party organization to conduct 24/7 monitoring of its global cybersecurity environment and to coordinate the investigation and remediation of alerts. A program for staging incident response drills is in place to prepare support teams in the event of a significant incident.
External partners are a key part of the Company’s cybersecurity infrastructure. XPEL partners with leading cybersecurity companies and organizations, leveraging third-party technology and expertise to control and monitor our processes.
The Director of Enterprise Systems leads the Company’s cybersecurity program. The Director of Enterprise Systems assesses and manages XPEL’s cyber risk management program, informs senior management regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents and supervises such efforts. The Director of Enterprise Systems manages the third-party service provider engaged to monitor the Company’s cybersecurity environment and is regularly updated by the third-party service providers on the cybersecurity activities. The Director of Enterprise Systems has 21 years of experience in information technology and is supported by a team with additional relevant experience and related certifications.
The Audit Committee of the Board oversees XPEL’s cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks. The Director of Enterprise Systems briefs the Audit Committee on the effectiveness of the Company’s cyber risk management program, typically on a quarterly basis.
XPEL faces risks from cybersecurity threats that could have a material adverse effect on its business, financial condition, results of operations, cash flows or reputation. The Company has experienced, and will continue to experience, cyber incidents in the normal course of its business. However, prior cybersecurity incidents have not had a material adverse effect on the Company’s business, financial condition, results of operations, or cash flows.