AMKOR TECHNOLOGY, INC. - (AMKR)
10-K Filing Date: February 16, 2024
Item 1C.Cybersecurity
Cybersecurity Risk Management and Strategy
Our cybersecurity measures are designed to help protect our information security systems from cybersecurity threats. Our Global Information Security Team is led by our Corporate Vice President and Chief Information Officer (“CIO”) and is composed of key functional leaders. Our Global Information Security Team assesses, identifies and manages cybersecurity risks to the Company, including by:
•Assessing, identifying and managing cybersecurity risks to our information systems: We assess, identify and manage cybersecurity risks to our information systems, including by: (i) establishing and maintaining a governance structure that includes policies, procedures and processes designed to manage cybersecurity threats and cybersecurity incidents; (ii) conducting ongoing risk assessments, including to identify and assess cybersecurity risks; (iii) developing and implementing an overall risk management strategy, which includes cybersecurity risks; (iv) overseeing, identifying and managing risks from cybersecurity threats associated with our use of third-party service providers and our supply chain; and (v) engaging external experts, including cybersecurity assessors, consultants and auditors to evaluate and test our cybersecurity measures and risk management processes; and
•Establishing a program to assess and help mitigate cybersecurity threats: We are committed to establishing a program to assess and help mitigate cybersecurity threats through: (i) conducting employee training on cybersecurity risks and best practices; (ii) implementing measures to classify and protect data; and (iii) taking steps to be aware of and address new cybersecurity threats, including through the receipt of threat information from third-parties that helps us proactively prevent and detect cybersecurity threats.
Impact of Cybersecurity Risks
We assess, on an ongoing basis, the potential impact of risks from cybersecurity threats on us and our business. During the reporting period, we have not identified any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected, or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition.
Board Oversight of Cybersecurity Risks
Our Board of Directors, through the Audit Committee, provides strategic oversight regarding risks from cybersecurity threats through oversight of our overarching cybersecurity posture and risk management practices. The Audit Committee receives periodic updates from our CIO on the current status of our cybersecurity program and risks from cybersecurity threats, and our Board of Directors is apprised of significant cybersecurity matters.
Management’s Role in Assessing and Managing Material Risks from Cybersecurity Threats
Management is responsible for assessing and managing risks from cybersecurity threats. Specifically, our CIO, supported by our Global Information Security Team, is responsible for the overall management of our information security program, which includes assessing, identifying and managing cybersecurity risks and material risks from cybersecurity threats. The Company’s CIO was promoted to the position in January 2024 after serving as Senior Vice President – Enterprise Applications since July 2022. The CIO has more than 25 years of manufacturing experience, mostly in IT leadership roles in the semiconductor industry, and holds electrical and computer engineering degrees from the University of Missouri and an MBA from The Ohio State University.
Members of the Global Information Security Team possess expertise in various disciplines that are key to effectively managing our information security program. Team members represent relevant functions within the organization (e.g., Risk and Compliance, Security Operation Center & Network Engineering and Operational Technology). Each Global Information Security Team member has more than 15 years of experience working for large enterprises in the
35
information technology and information security space. This includes, but is not limited to, expertise in data infrastructure, operations and information security and risk and compliance. In addition, our CIO and certain members of the Global Information Security Team are informed about and monitor the prevention, detection, mitigation and remediation of cybersecurity incidents through their participation in incident response protocols.