WYNN RESORTS LTD - (WYNN)
10-K Filing Date: February 23, 2024
Item 1C. Cybersecurity
Wynn Resorts’ information security program is designed to preserve the accuracy and integrity of all forms of information processed by us and to protect such information, including our employees' and guests' personally identifiable information and information related to our operations, from misuse, loss, or theft. Our information security program is founded on principles and standards of the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity issued by the U.S. government.
The Chief Information Security Officer ("CISO") works closely with the Chief Information Officer and the Chief Privacy Counsel to collectively manage our global information security, information technology and data privacy programs. The Company's information security program includes a robust set of controls and safeguards for the systems, applications, and databases of the Company and of its third-party vendors. The CISO manages the information security program and sets annual targets and security objectives. The program includes regular risk assessments and recurring internal and external audits to assess the program’s maturity and effectiveness. The results of these assessments and audits help inform decisions to make program adjustments and ensure that the program’s security objectives are effective and up to date. Additional features of our cybersecurity program include security controls, such as firewalls and intrusion detection systems; data loss prevention tools; penetration testing of network, cloud, and application platforms; security assessments of our third-party vendors; and security awareness education for our employees and specialized training for our information security specialists.
We have implemented security monitoring capabilities, designed to alert us to suspicious activity and have developed an incident response program that includes periodic coordinated response exercises designed to restore business operations as quickly and as orderly as possible in the event of a breach. In the event of cyber incident which may be considered "material" under the SEC's disclosure rules, Wynn Resorts has established a separate committee comprised of the General Counsel, the Chief Financial Officer, the Chief Privacy Counsel, and the CISO. The Materiality Committee is responsible for determining whether a cyber incident, or series of incidents, is "material" and requires disclosure under Item 1.05 of Form 8-K as well as informing the Board of Directors about the incident from a risk oversight perspective.
The Board of Directors oversees risks relating to cybersecurity. The CISO presents to the Board of Directors on a quarterly basis and the results of the risk assessments and audits on at least an annual basis. These reports also include detailed updates on the Company’s performance preparing for, preventing, detecting, responding to, and recovering from cyber incidents. The CISO has overseen the Company’s information security program for the last 15 years. He holds a Bachelor of Arts degree in Business Administration, and has over 30 years’ total experience in the information technology and security field, including various leadership roles before joining Wynn Resorts. In addition, he holds several industry technical certifications in information security, network engineering, systems engineering, database management, application development, and security intrusions.
Failure of our information security program to prevent or detect a cyber incident could result in the compromise of Company and customer information, reputational damage, and/or financial loss. During the periods covered by this report, we did not experience any material cyber incidents and the expenses we incurred from cyber incidents were immaterial. While prior incidents have not had a material impact on us, future incidents could have a material adverse effect on our business, results of operations and cash flows. For additional information about our cybersecurity risks, see "System failure, information leakage and the cost of maintaining sufficient cybersecurity could adversely affect our business" in Item 1A — "Risk Factors."
32