AMETEK INC/ - (AME)
10-K Filing Date: February 22, 2024
Item 1C. Cybersecurity
AMETEK’s cybersecurity risk management practices are based on the widely recognized National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Cybersecurity Framework and the NIST 800-171 Revision 2 Standard). This guidance was developed with private sector input and provides a framework and toolkit for organizations to manage cybersecurity risk.
We utilize a broad team of in-house information technology and security personnel, as well as third-party consultants, services and software, to help manage our cybersecurity efforts and initiatives. We regularly assess our threat landscape and monitor our systems and other technical security controls. Additionally, we maintain information security policies and procedures, including a breach response plan and maintenance of backup and protective systems.
We regularly review our policies, practices, and plans with assistance from third-party experts and advisors. Our Chief Information Officer is responsible for corporate-wide data security. Our management team is actively engaged in regular reviews of cyber risks. Additionally, our full Board of Directors receives quarterly briefings on enterprise-wide cybersecurity risk management and our overall cybersecurity risk environment.
We have implemented two risk management groups, the Enterprise Risk Management Committee, and the Cybersecurity Steering Committee. These committees meet quarterly. They are responsible for the overall governance of our cyber management. The implementation of the Cyber polices and strategy is the responsibility of the Chief Information Officer and the Director of Cyber Security. The CIO reports to the Chief Administrative Officer and the Director of Cyber Security reports to the CIO. We also have a team of full-time cybersecurity specialists who hold various industry technology accreditations. The CIO has more than 35 years in Senior IT Leadership positions, and the Director of Cyber Security has more than 30 years IT experience overall, 15 of which are in leadership roles.
Operationally, we deploy multiple layers of cyber defenses including multiple tools and processes that identify security risks across our global networks, largely in real time. We also maintain good relationships with law enforcement agencies to remain informed on potential cyber risks.
17
Mandatory cybersecurity training is conducted eight times a year for all of AMETEK’s employees with email access. The training provides critical information on how employees can protect themselves and AMETEK against cybersecurity risks. AMETEK financial professionals receive additional training due to the nature of their roles.