IROBOT CORP - (IRBT)
10-K Filing Date: February 27, 2024
ITEM 1C. CYBERSECURITY
Cybersecurity Risk Management and Strategy
We recognize the importance of developing, implementing, and maintaining cybersecurity measures designed to safeguard our information systems and protect the confidentiality, integrity, and availability of our data, including customer data. We have strategically integrated cybersecurity risk management into our broader risk management framework, and incorporate cybersecurity considerations into our decision-making processes. iRobot's IT department evaluates and addresses cybersecurity risks in alignment with our risk profile, business objectives, and operational needs. In support of these processes, we employ cybersecurity technologies, including automated tools, designed to monitor, identify, and address cybersecurity risks.
In addition, iRobot's internal audit team facilitates risk assessment activities and manages formal IT general controls, evidence collection, and attestation for SOX compliance. We also engage with a range of external experts, including cybersecurity assessors and consultants, to support the evaluation and testing of our risk management systems. These third parties assist with the preparation of threat assessments and penetration tests, and consult on security enhancements.
As part of our cybersecurity risk management program, we also implement risk-based processes to oversee and evaluate third-party vendors. Pursuant to these processes, as appropriate, we conduct security assessments of third-party vendors prior to onboarding, as well as ongoing monitoring of critical third-party vendors.
Although risks from cybersecurity threats have to date not materially affected us, our business strategy, results of operations or financial condition, we have, from time to time, experienced threats to and security incidents related to our and our third-party vendors’ data and systems. For more information, please see the risk factor entitled "Cybersecurity risks could adversely affect our business and disrupt our operations" in Item 1A - Risk Factors.
Governance Related to Cybersecurity Risks
The Board of Directors ("Board") has delegated oversight of the Company's cybersecurity risk management program to the Audit Committee. The Audit Committee is composed of board members with diverse expertise, including in the areas of risk management, technology, and finance. The Audit Committee periodically provides input regarding cybersecurity topics and initiatives, including the results of assessments, and cybersecurity policies.
The Security Director and the Chief Information Officer ("CIO") have primary responsibility for informing the Audit Committee on cybersecurity risks. They provide periodic briefings to the Audit Committee, which may include topics such as updates regarding the cybersecurity threat landscape, the status of ongoing cybersecurity-related initiatives and strategies, and regulatory requirements.
The CIO has primary responsibility for assessing, monitoring and managing our cybersecurity risks, informed by thirty years of experience focusing on cloud, cybersecurity, and privacy in leadership roles at public companies. The Security Director also has thirty years of experience in the software and security industry, with executive positions in product security, security intelligence and data science. In his capacity at iRobot, the Security Director implements and oversees information security processes and regularly informs the Chief Financial Officer and CIO of cybersecurity developments, including potential threats and risk management techniques.