SEABOARD CORP /DE/ - (SEB)

10-K Filing Date: February 13, 2024
Item 1C. Cybersecurity

Cybersecurity Risk Management and Strategy

Seaboard recognizes the importance of maintaining the trust and confidence of its customers, business partners, employees and other stakeholders. The Board is involved in the oversight of Seaboard's enterprise risk management program, of which cybersecurity is a component. Seaboard's information security program includes cybersecurity policies, standards, processes and practices that are based on recognized frameworks established by the Center for Internet Security (“CIS”) and other applicable industry standards. Seaboard seeks to address cybersecurity risks through a comprehensive, company-wide information security program that is focused on preserving the confidentiality, integrity and availability of the information that Seaboard collects and stores by identifying, preventing and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur.

Managing Material Cybersecurity Risks

Seaboard maintains a risk-based approach to information security that is based on the CIS-18 controls framework to identify key areas of cybersecurity risk. Seaboard’s information security program maintains a team responsible for managing the cybersecurity risk assessment process across all segments (the “Information Security Team”). The Information Security Team routinely performs assessments and generates reports throughout the year to determine risks, threats and compliance with information security policies, standards and the framework of controls. This Information Security Team partners with each of the segments to identify key areas of cybersecurity risk based on the framework and develop action plans tailored to address those risks. These action plans are included on a multi-year roadmap that addresses priority, funding and implementation. These risks are evaluated on a quarterly basis according to Seaboard's cybersecurity reporting process.

Other cybersecurity risk management measures Seaboard takes include:

Employees and directors with login credentials are required to participate in trainings on at least a quarterly basis to identify potential cybersecurity risks, which are supplemented by periodic phishing tests;
Seaboard engages independent third parties to perform some services such as a penetration test;
Seaboard maintains end user and administrative user policies governing the use of company technology.

Overseeing Third-Party Cybersecurity Risk

Seaboard's information security program includes a documented process to oversee, identify and mitigate cybersecurity risk associated with Seaboard’s use of new third-party service providers. As part of this process, prior to onboarding a third-party service provider, designated information security personnel from each segment will work with the internal business sponsors to perform a cybersecurity risk assessment and determine the potential impact on Seaboard’s systems, data and networks if an identified cybersecurity breach were to occur. Risk assessments are documented, and reports are shared with the Information Security Team and others responsible for accepting the risk tolerance and monitoring the risks going forward.

Risks from Cybersecurity Threats

As of the date of this report, Seaboard is not aware of any cybersecurity threats that have materially affected or are reasonably likely to affect Seaboard’s business strategy, results of operations or financial condition. However, cybersecurity threats and cyber-attacks continue to increase in sophistication and volume. As a result, Seaboard frequently updates its information security plan to address new threats, and Seaboard continues to make investments to protect its information technology infrastructure.

15

Cybersecurity Governance

Seaboard acknowledges the importance of effectively managing risks linked to cybersecurity threats. Seaboard has implemented oversight mechanisms to ensure effective governance in handling risks linked to cybersecurity threats because of the impact these threats can have on operational integrity and stakeholder confidence.

Cybersecurity Risk Management Personnel

Seaboard’s information security program and the Information Security Team is led and managed by a dedicated Director of Information Security (the “IS Director”). The IS Director, whose experience includes over seven years in information security leadership roles and relevant certifications, brings appropriate expertise to Seaboard’s information security program. The IS Director’s experience and knowledge are crucial to the ongoing development and execution of Seaboard’s information security program.

Management’s Role Managing Cybersecurity Risk and Board of Director Oversight

The IS Director and the Information Security Team communicate guidance to all divisional information security personnel to ensure consistent execution of cybersecurity risk management activities. Updates on divisional cybersecurity risks, compliance and roadmap status are provided on at a least a quarterly basis to Seaboard's CEO and CFO for purposes of risk monitoring, updates to policies, allocation of resources, feedback on roadmap progress and discussions on threat remediation, among other topics.

On at least a quarterly basis, the IS Director and other members of management inform Seaboard’s full Board of new risks or changes to risks, the status of projects to strengthen Seaboard’s information security systems, assessments of Seaboard’s security program and the emerging threat landscape. The Board provides feedback on management’s plans and allocates resources for plan expenditures. Seaboard also maintains disclosure controls and procedures to ensure that executive management and the Board receives prompt and timely information regarding any material cybersecurity incidents. Upon confirmation of a cybersecurity incident, the impacted segment invokes their response plan and notifies the IS Director who then communicates the details of the incident to management’s Cybersecurity Committee for determination of materiality.