John Bean Technologies CORP - (JBT)
10-K Filing Date: February 23, 2024
ITEM 1C. CYBERSECURITY
We maintain a comprehensive technology and cybersecurity program to ensure our systems are effective and prepared for information security risks, including regular oversight of our programs for security monitoring for internal and external threats to ensure the confidentiality, integrity, and availability of our information assets. We regularly perform evaluations and testing of our security program, information technology infrastructure, information security management systems, and third-party service providers we use in our operations.
Our cybersecurity program is led by our Chief Information Security Officer (the "CISO"), a Certified Information Systems Security Manager with over 10 years of related experience, including oversight over any third-party service providers used in connection with our cybersecurity program. Our cybersecurity program includes the implementation of controls aligned with best practices in cybersecurity and applicable statutes and regulations to identify threats, detect attacks, and protect our information assets. We use preventative and detective tools and utilities that provide alerts of vulnerabilities and missing patches for our systems. We have implemented security monitoring capabilities designed to alert us to suspicious activity and have developed an incident response program that includes periodic testing and is designed to restore business operations as quickly and in as orderly a manner as possible in the event of a breach. In addition, our employees participate in an ongoing program of mandatory annual training and receive frequent communications regarding the cybersecurity environment to increase awareness throughout the company. We have also implemented an annual training program for specific specialized employee populations, including secure coding training. Notwithstanding the extensive approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us.
We have established a Cybersecurity Steering Committee comprised of key leaders across the Company whose responsibilities include oversight of technology, security, and reporting functions. The objective of the Cybersecurity Steering Committee is to set policies and procedures for the Company in relation to cyber events, including the Company's response protocols and disclosure requirements upon occurrence of any cyber event that is considered material to the Company.
The Audit Committee reviews cybersecurity information technology risks in connection with its oversight of our enterprise risk management system, and reports to the Board on enterprise risk management matters on a quarterly basis. If a cybersecurity event is identified by the CISO, management and the Cybersecurity Steering Committee report any material security instances to the Audit Committee and the Board as they occur. Additionally, our CISO meets regularly with our senior management team and the Board of Directors or the Audit Committee to brief them on technology and information security matters, including cybersecurity risk-related matters.
We carry insurance that provides protection that may reduce the potential losses arising from a cybersecurity incident. Past cybersecurity incidents have not materially affected the Company, including our business strategy, results of operations or financial condition.