nVent Electric plc - (NVT)

10-K Filing Date: February 20, 2024
ITEM 1C. CYBERSECURITY
We have implemented a comprehensive cybersecurity program designed to protect the confidentiality, integrity, and availability of our information systems and data. The program is aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework and a zero trust model, incorporates industry best practice standards, and includes policies, standards, procedures, controls and technology platforms that help manage cybersecurity risk.
Our cybersecurity program includes the following capabilities:
Governance
Our Board of Directors oversees cybersecurity risk management and is supported by the Audit and Finance Committee of the Board (the "Audit Committee"). The Audit Committee interacts with the Executive Leadership Team ("ELT"), including our Chief Technology Officer ("CTO"), and other members of management with respect to cybersecurity matters. The Board of Directors and the Audit Committee receive periodic reports from management on the effectiveness of the cybersecurity program and any material cybersecurity incidents that have occurred. The Board of Directors and the Audit Committee work with management to help ensure that our cybersecurity program is effective in addressing the risks associated with cybersecurity threats and are committed to continuously improving our cybersecurity program to stay ahead of emerging threats. The CTO oversees our cybersecurity program, including assessing and managing material risks from cybersecurity threats. The Chief Information Security Officer ("CISO") reports to the CTO and leads the cybersecurity program and team.
The CTO has served in various roles in information technology and information security for over 25 years. The CTO holds a PhD in engineering and degrees in technology and management. The CISO has served in various roles in information technology and information security for over 25 years, including serving as a cybersecurity leader for public companies for more than 10 years. The CISO holds a degree in engineering and a master's degree in business.
Risk Management
We have processes in place to assess, identify, and manage material risks from cybersecurity threats. We track cybersecurity risk as an enterprise risk through our enterprise-wide risk management ("ERM") framework. The Board of Directors is actively involved in oversight of our ERM framework and receives regular reports on risks, including cybersecurity risks. We engage third parties to conduct assessments, tests, and simulation exercises to validate and further mature our cybersecurity program, the results of which are reported to the ELT, including the CTO, and the Board of Directors. We maintain cybersecurity insurance coverage to help mitigate the financial impact of a cybersecurity incident.
Technical Safeguards
We deploy technical safeguards that are designed to protect our information systems from cybersecurity incidents, including firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls, all of which are evaluated and improved through vulnerability assessments and cybersecurity threat intelligence.
Incident Response and Recovery Planning
We have established and maintain comprehensive incident response and business continuity plans that address our response to, and mitigation and remediation of, a cybersecurity incident. We have implemented controls and procedures that provide for the prompt escalation of cybersecurity incidents to the ELT and the Audit Committee when appropriate, so that decisions regarding the public disclosure and reporting of such incidents can be made by management in a timely manner.
Third-Party Risk Management
We maintain a comprehensive, risk-based approach to assessing and overseeing cybersecurity risks presented by third parties, including vendors, service providers and other external users of our systems, as well as the systems of third parties that could adversely impact our business in the event of a cybersecurity incident affecting those third-party systems.
Education and Awareness
We have implemented a security awareness and training program designed to educate employees on the importance of information security and to help them identify and respond to potential security incidents. The program includes annual required cybersecurity training for professional employees, role-based cybersecurity training, and a phishing awareness program for all employees.
Previous cybersecurity incidents have not materially affected us, including our business strategy, results of operations or financial condition. However, risks from cybersecurity threats, including but not limited to exploitation of vulnerabilities, ransomware, denial of service, supply chain disruption, or other similar incidents may materially affect us, including our execution of business strategy, reputation, results of operations and/or financial condition. See Item 1A, Risk Factors, “Increased cybersecurity threats and computer crime pose a risk to our systems, networks, products and services, which expose us to potential regulatory, financial and reputational risks.” for a discussion of cybersecurity risks.