ROGERS CORP - (ROG)

10-K Filing Date: February 26, 2024
Item 1C. Cybersecurity
Safeguarding our information technology systems, intellectual property, and the confidential information and personal data that customers, suppliers, business partners, employees and others share with us is a critical concern for our business. As such, we have processes in place to assess, identify, and manage material cybersecurity threats and incidents. Key to these efforts is our cybersecurity risk management program (the “Cybersecurity Program”). We aim to incorporate industry best practices throughout our Cybersecurity Program. It is founded on the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (Identify, Protect, Detect, Respond and Recover) and includes elements of ISO 27001 standards, NIST SP 800-171 guidance, the International Organization for Standardization (ISO), and other applicable industry standards for protecting controlled unclassified information. The Cybersecurity Program also incorporates preventative, detective and corrective controls to identify relevant cyber risks. The controls are tested and evaluated on a regular basis and include the following controls: network and endpoint protection technologies that are designed to block and detect security events at the perimeter and within our networks; evaluation and monitoring of detected security events; and documented incident response actions and procedures. In addition to internal assessments, third party security firms perform annual risk reviews to evaluate and assess the Cybersecurity Program.
We regularly remind employees of the importance of handling and protecting customer and employee data, including through periodic security training to enhance employee awareness of how to detect and respond to cybersecurity incidents. We also conduct tabletop exercises to simulate response plans to various cybersecurity incidents. Our team of cybersecurity professionals then collaborates with relevant stakeholders within the Company to evaluate and adjust our detection and mitigation strategies.
We impose security requirements upon our suppliers, including maintaining an effective security management program, abiding by information handling and asset management requirements, and notifying us in the event of any known or suspected cyber incident.
Our Chief Information Officer (CIO) is responsible for leading the Cybersecurity Program, which is coordinated and primarily executed by our Senior Manager of Information Security. Our CIO has more than 25 years of information technology and cybersecurity experience, and has served in this role since 2021.
Our Board of Directors, primarily through the Audit Committee, oversees our enterprise risk management program, including cybersecurity risks. The enterprise risk management program is utilized in making decisions with respect to company priorities, resource allocation, and oversight structures. Our CIO delivers updates on the Cybersecurity Program to our Board of Directors semi-annually, including with respect to significant projects and initiatives. These updates consist of a report to the full Board of Directors and to the Audit Committee, and cover a wide range of topics, including evolving regulations and standards, vulnerability assessments, mitigation strategies, third-party and independent reviews, the evolving threat environment, technological and industry trends, and information security considerations arising with respect to the Company’s peers and other third parties. Our CIO will also provide reports of material cybersecurity incidents or other relevant developments to our Board of Directors and Audit Committee as and when needed. Furthermore, our CIO provides periodic updates to our senior management regarding cybersecurity risks, as well as interim updates during regular meetings with our leadership team.
For a discussion regarding risks from cybersecurity threats that have or are reasonably likely to materially affect the company, see the risk factor titled “A significant disruption in, or breach in security of, our information technology systems or violations of data protection laws could materially adversely affect our business and reputation” in “Item 1A. Risk Factors” of this Annual Report on Form 10-K.