TELEDYNE TECHNOLOGIES INC - (TDY)

10-K Filing Date: February 23, 2024
Item 1C. Cybersecurity
We face many cybersecurity threats including ransomware, denial-of-service attacks, and more advanced and persistent threats from state-affiliated groups. We have experienced cyber-attacks in the past and may experience cybersecurity incidents going forward. Our customers and suppliers face similar cybersecurity threats. While prior incidents have not materially affected our business, results of operations or financial condition, there is no guarantee that a future cyber incident would not affect our business strategy, results of operations or financial condition. See Item 1A. Risk Factors for more information on our cybersecurity risks.
Risk Management and Strategy
Our cybersecurity strategy prioritizes risk identification, quantification, communication, and mitigation, and this strategy is aligned with our overall Enterprise Risk Management strategy. Our strategy focuses on the deterrence, early detection, interception, and interruption of potential cyber-attacks. We strive to continuously monitor, evaluate, prioritize and mitigate vulnerabilities and attacks. Our policies and processes are compliant with applicable control frameworks provided by the U.S. National Institute of Standards and Technology (“NIST”) and other applicable standards.
Our employees are required to take cybersecurity-related training which promotes awareness of how to detect and respond to cybersecurity threats. We utilize benchmarking against peers in the industry to validate our defense posture, and we conduct internal and external assessments to evaluate our controls around information technology, operating technology, and product and service information security. We work with government, customer, industry and/or supplier partners, such as the National Defense Cyber Alliance to gather and develop best practices and share information to address cyber threats, and we contribute to overall cyber-safety of the defense industrial base through contributions of threat intelligence to law enforcement agencies.
We deploy multiple defenses and connect them to allow automated responses to urgent threats, which aims to provide continued protection for mobile computing systems when they are outside the company perimeter. We conduct active threat hunting and vulnerability scanning to anticipate and pro-actively mitigate risks.
We have incident response plans and procedures, the goal of which is to enable the company to respond effectively and compliantly should a cyber-incident arise. ‘Tabletop’ exercises are held at both the technical and executive level to maintain readiness to respond and to identify any areas where improvements or updates are required. We engage third-party expertise and utilize threat intelligence feeds to supplement and enhance our internal team of cybersecurity professionals.
Governance
Pursuant to its charter, the Audit Committee of the Board is responsible for reviewing, discussing and making recommendations to the Board on cybersecurity matters. Our Vice President of Information Technology and Chief Information Officer (“CIO”) and our Chief Information Security Officer (“CISO”) provide presentations to the Audit Committee on cybersecurity status, outcomes, and risks at each quarterly meeting. These briefings include assessments of cyber risks and threats landscape, updates on incidents, and our investments and plans in cybersecurity risk mitigation and governance.
At the management level, our Enterprise Risk Management Committee identifies and drives mitigation of company-wide risks, including those related to cybersecurity. The committee consists of our Vice President, Chief Audit Executive (“Chair”), Senior Vice President and Chief Financial Officer, Executive Vice President, General Counsel, Chief Compliance Officer and Secretary, Associate General Counsel, Human Resources, Vice President and CIO, and individuals representing the business operations. The Chair of the Enterprise Risk Management Committee periodically reports to the Audit Committee and the Board of Directors on the progress and results of the actions taken by the committee.
Our management team, including our Enterprise Risk Management Committee, CIO and CISO, is responsible for assessing and managing our cybersecurity risks and threats. Our CISO, who has approximately 30 years in various information technology and security roles and reports to our CIO, is primarily responsible for our overall cybersecurity risk management program and supervises both internal and external resources to prevent, detect, mitigate, and remediate cybersecurity risks, threats, and incidents. As such, our CISO has extensive experience and expertise in developing, implementing, and operating security policies and procedures covering our protective defenses of our network and critical data. We have established
20


processes by which the CISO routinely informs the management team and the Board of cybersecurity risks, threats and incidents that have been identified or are reasonably likely of occurring and how such matters are managed.

© 2024 Material-Incidents. All rights reserved.