HYSTER-YALE MATERIALS HANDLING, INC. - (HY)

10-K Filing Date: February 27, 2024
Item 1C. CYBERSECURITY
The Company’s Board of Directors, directly and through its committees, is responsible for overseeing cybersecurity risks that affect the Company. As such, the Board has delegated oversight of risks related to cybersecurity to the Audit Review Committee of the Board of Directors (the “ARC”). The ARC is charged with reviewing the Company’s cybersecurity risks, controls and procedures. The ARC reviews the Company’s plans to mitigate cybersecurity risks and the Company’s ability to respond to and remediate cybersecurity incidents. The ARC is informed of such risks through regular reviews with management regarding any specific cybersecurity issues that could affect the adequacy of internal controls over financial reporting.
The Company’s cybersecurity risk management processes are a component of the Company’s overall risk management program. The Company's Cybersecurity Committee (the “CSC”) oversees the establishment and operations of cybersecurity risk management processes and strategies and directs activities to identify and detect cybersecurity threats, protect the Company’s assets and to respond and recover from cybersecurity incidents. The CSC is responsible for coordination with the Company’s internal audit, risk management and/or crisis management teams to review and respond to cybersecurity threats.
13

The CSC is chaired by a member of the Office of the Chief Information Security Officer (“Office of the CISO”) and includes members of senior management from operations, finance and legal. The CSC is expected to meet quarterly. In coordination with the Office of the CISO, the CSC reviews and reports on the Company’s cybersecurity activities to the ARC on a quarterly basis and to the full Board of Directors on at least an annual basis.
The CSC works with the Company’s Office of the CISO, which is responsible for the daily direction of cybersecurity risk activities. The Office of the CISO uses various data protection frameworks and conducts vulnerability assessments, cybersecurity monitoring and recovery software, employee, supplier and dealer training programs and monitoring of incidents and threats. Members of the Office of the CISO also engage with the Company’s internal audit department to review cybersecurity threats focusing on operational applications and databases through the course of their activities. The Office of the CISO consists of the Director of Cybersecurity, the Chief Information Officer and other information technology and cybersecurity specialists. The Office of the CISO has extensive experience in information technology including roles in cybersecurity, privacy, software engineering, systems engineering, infrastructure and data center management.
In addition, the Company engages third parties to assist in assessing, enhancing, implementing and monitoring the Company's cybersecurity risk-management programs. The Company maintains processes to oversee and identify risks from cybersecurity threats associated with its use of third-party service providers.
The Company has experienced cybersecurity threats and vulnerabilities in its information systems and those of third-party providers. Such prior events have not had a material impact on the Company’s financial condition, results of operations or liquidity. If, in the future, the Company’s or a third-party provider’s information systems suffer severe damage, disruption, breach, or shutdown, and business continuity plans do not effectively resolve the issues in a timely manner, then the Company could be subject to litigation with third parties, government enforcement actions, penalties, disruption to operations and product systems, unauthorized release of confidential or otherwise protected information, corruption of data or remediation costs, which could materially adversely affect the Company’s operating results, financial position or reputation. See “Risks Related to Cybersecurity” in “Risk Factors” beginning on page 11 of this Annual Report on Form 10-K.