Envista Holdings Corp - (NVST)

10-K Filing Date: February 15, 2024
ITEM 1C. CYBERSECURITY
We are committed to protecting our information assets and systems. We have an enterprise-wide information security program designed to identify, protect against, detect, and respond to and manage reasonably foreseeable cybersecurity risks and threats. We have installed privacy/security protection systems and devices on our network in an attempt to prevent cyberthreats and other unauthorized access to information.

We have adopted a comprehensive Information Security Policy applicable to all of our employees and business partners. We also maintain a Global Security Incident Response Plan (“GSIRP”) to ensure we remain prepared in the event of a cyberattack or other form of network penetration. Our GSIRP is a cross-functional plan that documents the details and decision-making process required during a response to a security incident, as well as the reporting protocol with clear escalation timelines and responsibilities. We test our GSIRP with tabletop exercises administered by a third-party security consultant. We also maintain cyber liability insurance to help mitigate potential liabilities resulting from cyber issues.

Like most multinational corporations, our information technology systems have been subject to computer viruses, malicious codes, unauthorized access and other cyberattacks, and we expect the sophistication and frequency of such attacks to continue to increase. To date, no attempted cyberattack or other attempted intrusion on our information technology networks has resulted in a material adverse impact on our business strategy, results of operations or financial condition. There can be no assurance that future incidents will not materially affect us, including our business strategy, results of operations or financial condition. Please refer to “Item 1A. Risk Factors—Risks Related to Our Business” for further detail about the material cybersecurity risks we face.

Our Senior Director of Information Security reports to our Chief Information Officer and is responsible for leading our enterprise-wide information security team. The team focuses on developing and implementing strategies, processes and response plans to protect the confidentiality, integrity, and availability of our assets. Our Senior Director of Information Security has prior experience as a chief information security officer and over 25 years of experience in Technology and Security. Our security team also includes members who maintain industry security certificates. Our team is additionally supported by third parties to assist in the operations of our program, compliance audits and security penetration testing.

We evaluate and manage risks relating to cybersecurity as part of our overall enterprise risk management program. We perform an annual assessment across the Company to identify and review potential risks. Risks are prioritized based on threat models to improve cybersecurity throughout the Company. Our Board of Directors oversees our enterprise risk management program.

The Audit Committee of our Board of Directors has the responsibility of exercising oversight with respect to our cybersecurity risk management and risk controls. Our Chief Information Officer provides periodic reports to the Audit Committee regarding our cybersecurity program, including our information risk management and oversight, security education and training, cyber threat detection and response processes, and relevant internal and industry cybersecurity attacks. The Board also receives a report out on cybersecurity issues and governance at least annually, with periodic updates as needed.