UNIVERSAL DISPLAY CORP \PA\ - (OLED)

10-K Filing Date: February 22, 2024
ITEM 1C. CYBERSECURITY

Recognizing the importance of assessing, identifying, and managing material risks from cybersecurity threats, we maintain a cybersecurity program that is led by our management team and overseen by the Audit Committee of our Board of Directors. Material risks from cybersecurity threats to our company may include, among other things, operational risks, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy or security laws.

To identify and manage the risks from cybersecurity threats, our cybersecurity program includes various preventative, detection and responsive measures, including without limitation the following: use of monitoring and detection software applications, ongoing employee education and certification about cybersecurity threats, routine security access reviews, and the implementation of physical security measures. As standard practice, we require third-party service providers that may electronically interact with or handle our sensitive information to maintain an effective security management program and to notify us in the event of any known or suspected cyber incident.

Members of our management team, most notably our Chief Financial Officer, who has responsibility for managing our Information Technology and Security functions, are responsible for leading our cybersecurity program. Our management team meets regularly with our information technology leadership personnel, including our Head of Information Technology, who reports to our Chief Financial Officer, to receive updates and data on cybersecurity management activities, including assessments on emerging technologies and evaluations of recommended practices related to cybersecurity measures. Our Head of Information Technology, who has managed information technology services and security for over 25 years, and our Chief Financial Officer maintain their expertise through participating in events such as continuing education and training, and information-sharing collaborations. We also retain a third-party Information Security consulting firm to advise on and assess our cybersecurity processes on an ongoing basis.

The Audit Committee of our Board of Directors has oversight responsibility for our cybersecurity program. Our Chief Financial Officer and Head of Information Technology provide periodic updates regarding our cybersecurity risk management strategy and related activities to the Audit Committee, and provide other information as needed or requested to facilitate the committee’s oversight of our cybersecurity risk. The chair of our Audit Committee, who previously founded and for 19 years led an information technology consulting company that specialized in providing software and systems integration, business process and technical consulting to multinational companies, holds a certification in Systemic Cyber Risk Governance for Corporate Directors. Other members of our full Board of Directors, which also receives periodic briefings on cybersecurity matters, also have received professional education and training related to cybersecurity.

Despite our efforts to manage the risk from cybersecurity threats, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. See Item 1A. “Risk Factors” for a further discussion of our cybersecurity risks.