BELDEN INC. - (BDC)

10-K Filing Date: February 13, 2024
Item 1C. Cybersecurity

Cybersecurity Risk Management and Strategy
Cybersecurity risk oversight and management is a top priority for the Company and the Board of Directors. The Company offers a broad portfolio of industrial cybersecurity solutions to its customers, and an understanding of cybersecurity risks is critical to both the Company internally and to our customers and business partners. The Company identifies, assesses, and manages cybersecurity risk as part of both the enterprise cybersecurity program and the enterprise risk management program. The Company’s expertise, dedicated resources and proven technology in cybersecurity management are evident in the Company’s enterprise cybersecurity program. The Company’s Cybersecurity Committee (described below) is a subcommittee of and reports to the Audit Committee, which oversees the enterprise risk management program.

The Company has adopted processes and procedures for incident detection, containment and response, which are provided through a variety of resources, including:
24/7 Security Operations Center,
advanced endpoint detection/response,
user behavior analytics,
vulnerability identification/patching,
email threat prevention,
data loss prevention,
privileged access management, and
ongoing/annual phishing training / testing.

To ensure the Company is addressing constant changes in the threat landscape, management and the Board of Directors continue to advance their cybersecurity knowledge and stay current with evolving information, regulations and industry practices through our memberships and affiliations with industry leading companies such as Crowdstrike, IBM, and Palo Alto Networks, as well as national organizations such as the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency and others. In addition, to supplement our efforts, expert consultants and third-party vendors are engaged from time to time to assess enterprise security posture, identify operational technology vulnerabilities, and assess software product security. In addition to these assessments, the Company engages third-party vendors to perform enterprise-wide attack and penetration tests. Findings from these activities are reported to senior management and the Belden Board of Directors.





18


The Company recognizes the importance of identifying and managing material cybersecurity risks associated with our use of third-party service providers. To address these third-party risks, the Company has developed a program to assess both new and existing vendors and suppliers that are expected to have access to or otherwise influence Belden’s internal network or internal data. Components of this program include customed vendor security assessments, security architecture review, and third-party rating services. We perform cybersecurity due diligence through this program as appropriate in connection with the on-boarding of a third-party relationship and conduct periodic reviews based on the inherent risk profile of the particular provider.

Impact of Cybersecurity Risks on Strategy and Results
Risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected, and the Company believes that they are not reasonably likely to materially affect, the Company, including its business strategy, results of operations or financial condition. The Company experienced a cybersecurity breach in 2020. The Company determined the impact of this incident was not material, but enhanced its cybersecurity controls and processes in response to the incident. The Company has taken reasonable measures to protect against future compromise, and believes these measures will protect against material adverse impact, including its business strategy, results of operations or financial condition.

Cybersecurity Governance
In 2018, in recognition of the unique nature of cybersecurity threats and the desire to apply focused oversight of cybersecurity risk, the Company’s Board of Directors formed a Cybersecurity Subcommittee (the “Subcommittee”) providing oversight of the Company’s cybersecurity posture and reporting to the Board’s Audit Committee. The Subcommittee consists of three independent directors with experience and/or expertise in cybersecurity management and oversight. The Subcommittee meets regularly on at least a quarterly basis. The Subcommittee has full access to management and consultants engaged by management and receives regular reporting directly from the Company’s chief information officer, head of cybersecurity, internal audit and the legal function, as well as third-party assessments of the Company’s cybersecurity processes. In addition, the full Board of Directors receives a report on cybersecurity annually, or as necessary.

The Company’s cybersecurity program is managed by a dedicated vice president of cybersecurity, who reports directly to Belden’s chief information officer and whose team is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes. The chief information officer reports directly to the Company’s chief financial officer and has access to other members of senior management, including Belden’s chief executive officer, as appropriate. Belden’s vice president of cybersecurity has over 30 years of IT experience, including twelve years of cybersecurity experience. Belden’s chief information officer has over 35 years of IT experience, a BS in Computer Science and an MBA.

The Company’s policies and procedures described above are designed to ensure that the Company’s vice president of cybersecurity and chief information officer and other necessary members of any cybersecurity response team are appropriately informed of any cybersecurity matters and the status of our ongoing processes. The Company’s vice president of cybersecurity and chief information officer jointly provide periodic reports to the Subcommittee, the Company’s CEO and CFO, and other members of management. These reports include updates on the Company’s cybersecurity risks and threats, the status of projects to strengthen its information security systems, assessments of the information security program, and the emerging threat landscape. The Company’s program is regularly evaluated internally and externally and updates are presented to senior management and the Subcommittee. The Company also actively engages with key vendors, industry participants, and knowledge leaders as part of the Company’s continuing efforts to evaluate and enhance the effectiveness of its information security policies and procedures.








19