INSIGHT ENTERPRISES INC - (NSIT)
10-K Filing Date: February 22, 2024
Item 1C. Cybersecurity
Our information security program is managed by a dedicated Chief Information Security Officer (“CISO”) who is responsible, along with his team, for leading enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. Our CISO has served in that role since 2021 and has been in cybersecurity related roles for 25 years, including with two publicly traded companies. Our Board of Directors has delegated oversight of risks from cybersecurity threats through our information security program to our Audit Committee, which receives updates on an as needed basis from our CISO regarding risks from cybersecurity threats. Our CISO additionally provides periodic updates to our Board of Directors, our Chief Executive Officer and other senior management members, including at least twice per year through our overall Enterprise Risk Management Program. These updates include, among other risk management issues, updates on the Company’s cybersecurity risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape.
Our information security program leverages components from industry frameworks and generally recognized best practices, including International Organization for Standardization 27001 and National Institute of Standards and Technology ("NIST") standards, such as the NIST Cybersecurity Framework, which emphasizes identification, protection, detection, response and recovery. Our program is regularly evaluated by internal and external experts with the results of those reviews reported to senior management and the Board of Directors. We also collaborate with
24
INSIGHT ENTERPRISES, INC.
thought leaders in cybersecurity including with key vendors, clients, business partners, industry participants, and intelligence and law enforcement communities as part of our continuing efforts to evaluate and improve the effectiveness of our information security policies and procedures. This collaboration allows us to rapidly adopt industry best practices developed through firsthand experience mitigating cyber incidents. Our program also includes processes to oversee and identify risks from cybersecurity threats associated with our use of third-party service providers.
We do not believe that risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect our overall business strategy, results of operations, or financial condition over the long term.