Ingevity Corp - (NGVT)

10-K Filing Date: February 22, 2024
ITEM 1C. CYBERSECURITY
At Ingevity, we recognize the paramount importance of cybersecurity in safeguarding sensitive information. We are aligned with industry standards, such as the ISO 27001 cybersecurity framework. Our comprehensive cybersecurity program is led by a team of diverse, highly skilled professionals, and we invest in modern technologies, including artificial intelligence and machine learning, to fortify our defenses. We continue to collaborate with local, state and federal agencies and peers in the chemical manufacturing industry to identify the latest threats and implement effective defenses to protect our employees and customers.
Key Components of Our Cybersecurity Program:
Leadership and Governance. Led by our Chief Information Security Officer ("CISO"), we have a team of skilled internal and external cybersecurity professionals. Our Board of Directors (“the Board”) has oversight of our cybersecurity and risk management programs. The Board receives at least semiannual updates from the Chief Information Officer and CISO on cybersecurity matters and our risk management program, and periodic updates from external cybersecurity experts on the overall risk landscape. We have implemented processes for continual monitoring of our information systems, including the deployment of advanced security measures and system audits to identify potential vulnerabilities. If a cybersecurity incident were to occur, we are equipped with an incident response plan that includes immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents. Additionally, our cybersecurity team regularly meets with our executive management leadership team to provide updates on our cybersecurity risks and incidents, ensuring management is keenly aware of any potential threat.
Protection of Sensitive Information. We maintain collection, storage, and access controls of personal, proprietary, and confidential information, focusing on protecting trade secrets, intellectual property, clinical trial data, third-party information, and employee data.
Industry-Standard Frameworks and Policies. We incorporate industry-standard frameworks, policies, and practices, such as ISO 27001, which are designed to protect the confidentiality and privacy of information.
Protection Mechanisms. We currently follow the ISO 27001 cybersecurity framework and are progressing toward program certification. We continuously monitor our enterprise network and have deployed detective and preventative controls. In-depth third-party security assessments are conducted annually.
Incident Response and Testing. We have a robust cybersecurity incident response plan that incorporates regular simulations, drills, vulnerability scans, penetration testing, and third-party assessments of our cybersecurity controls and resilience.
Third-Party Monitoring. We employ a managed security services provider that provides 24/7 monitoring of our enterprise network. We require third-party service providers with access to personal, confidential or proprietary information to implement and maintain comprehensive cybersecurity practices consistent with applicable legal standards and industry best practices.
Insurance Coverage. We maintain insurance coverage that includes cybersecurity protection.
Our proactive approach to cybersecurity involves the integration of leading technologies and collaboration with third-party experts to ensure alignment with industry standards. We believe these measures contribute to the protection of both our organization's and our clients' sensitive information.
During the past year, there have been no material risks from cybersecurity threats or prior cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company’s business strategy, results of operations, or financial condition. Despite our security architecture and controls, and those of our third-party providers, we may be vulnerable to cyber-attacks, computer viruses, security breaches, ransomware attacks, inadvertent or intentional employee actions, system failures, and other risks that could materially impact our financial results and our results of operations.