LGL GROUP INC - (LGL)

10-K Filing Date: April 01, 2024
Item 1C.

Cybersecurity

 

Cybersecurity risk management is an integral part of our overall risk management efforts. The Company has chosen the National Institute of Standards ("NIST") for its base framework. Controls in the NIST SP 800-53 catalog have been tailored based on inheritance from MtronPTI controls, internally determined information technology ("IT") general controls and industry best practices to create a balanced approach to protecting the confidentiality, integrity, and availability of our systems. We also seek to mitigate risk and manage any residual financial risk through a robust cyber insurance policy.

 

The Board of Directors has ultimate oversight of the Company's risk management. Pursuant to its charter, the Audit Committee of the Board of Directors has primary responsibility for the oversight of cybersecurity and information technology risks, and the Company's preparedness for these risks. The Audit Committee receives regular updates from our senior management and MtronPTI personnel (pursuant to the Transitional Administrative and Management Services Agreement between us and MtronPTI) on cybersecurity risk resulting from risk assessments, reviews any information on relevant internal and industry cybersecurity incidents, and is notified between such updates of any incidents which could materially affect us. These regular updates include topics related to cybersecurity practices, cyber risks, and risk management processes, such as updates to our cybersecurity programs and mitigation strategies, and other cybersecurity developments. Based on this information, our Audit Committee monitors the Company's cybersecurity program, including potential threats, weaknesses and vulnerabilities, and reviews the policies and procedures in place to prevent, detect and respond to cybersecurity threats and unauthorized access to our information security systems. Significant findings related to cybersecurity, data and technology risks or incidents are regularly reported to and discussed at the Board level.

 

Our senior management and MtronPTI (pursuant to the Transitional Administrative and Management Services Agreement between us and MtronPTI) are responsible for assessing the risk of cybersecurity threats and engaging appropriate personnel to oversee the cybersecurity program. Specifically, the Company's cybersecurity incident response is overseen by MtronPTI's Director of IT, who is a member of MtronPTI's enterprise management team. The MtronPTI Director of IT also reports to the LGL Group Co-CEOs for all matters concerning LGL Group and its cybersecurity.

 

MtronPTI's internal IT team participates in several industry information sharing groups, including the Defense Industrial Base Cybersecurity Program and The Society of Industrial Security Professionals, and has also fostered local contacts with the Federal Bureau of Investigation ("FBI") and local industry peers. The IT team monitors industry news daily and responds to threat feeds from multiple sources. To further its cybersecurity efforts, MtronPTI partners with several external entities including:

 

A strategic customer who provides a network sensor monitored by their 24/7 security operations center;

 

A commercial threat feed integrated with its perimeter security devices in partnership with the Defense Cyber Crime Center;

 

A commercial Domain Name System ("DNS") security service integrated with perimeter security devices; and

 

A commercial email threat detection service including detonation chamber services.

 

All users with email access are provided quarterly and annual cybersecurity training and participate in bi-weekly phishing tests to maintain continuous awareness of threats. Access to the Company's ERP system is limited by a second layer of access approval and authorization.

 

Based on the information available as of the date of this Annual Report on Form 10-K, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, financial condition or results of operations. However, despite our security measures, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we will not experience a cybersecurity incident in the future that will materially affect us. Additional information on cybersecurity-related risk is discussed under the heading "Cybersecurity risks and cyber incidents may adversely affect our business by causing a disruption to our operations, a compromise or corruption of our confidential information, and/or damage to our business relationships, all of which could negatively impact our financial results." in Part I, Item 1A. of this Annual Report on Form 10-K.

 
