DAKTRONICS INC /SD/ - (DAKT)
10-K Filing Date: June 26, 2024
Item 1C. CYBERSECURITY
Cybersecurity Risk Management and Strategy
The operation of our business is dependent on the secure functioning of our digital information systems and infrastructure. Our cybersecurity risk management program intends to protect the confidentiality, integrity, and availability of our critical systems and information.
We design and assess our cybersecurity risk management program based on published frameworks, including the National Institute of Standards and Technology and routinely evaluate our program for ongoing adherence to those frameworks.
Our cybersecurity program is aligned with our company strategy and governance processes. Our program is designed to deploy and monitor the prevention, detection, mitigation, and remediation of cyber risks and incidents through various means, including:
•A security team responsible for monitoring our infrastructure and managing our cybersecurity risk assessment processes, our security controls, and response to cybersecurity incidents.
21
•Periodic use of outside independent advisors to evaluate the maturity of our cybersecurity program, review processes and policies, conduct penetration and vulnerability tests, and to monitor and help identify potential cybersecurity incidents.
•An incident response plan that includes procedures for identifying, evaluating and responding to cybersecurity incidents.
•A training and awareness communication series addressed to our employees to help them identify potential cybersecurity threats and attacks.
•A risk management process using independent third-party service providers that process and store data. We assess the risks from cybersecurity threats posed by such services.
We have not encountered cybersecurity incidents or identified risks from cybersecurity threats that have materially impaired our operations or financial standing. For a discussion of whether and how any risks from cybersecurity threats are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition, refer to Item 1A. Risk Factors – titled "Our business depends on numerous complex information systems. Any failure to maintain these systems, a network disruption, or breaches in data security could cause a material adverse effect on our business", which is incorporated by reference into this Item 1C.
Cybersecurity Governance
The Strategy and Risk Committee of the Board of Directors oversees the Company’s cybersecurity risks and strategy. A member of the committee has a bachelor and doctoral degrees relevant to and experience in cybersecurity and information technology trends. Management provides the Strategy and Risk Committee periodic reports on cybersecurity risks, risk mitigation in place and planned, and any material cybersecurity incidents. These reports are provided to our Board of Directors. If a material cybersecurity incident were to occur, the Audit Committee would oversee the financial reporting and disclosure and law compliance aspects.
Our program and team of cybersecurity professionals and resources is led and supervised by our Vice President of Information Technology, who has over 25 years of experience in information technology. To execute the program, we utilize internal and external technical experts in cybersecurity risk management, data and network security structures, incident response and security operations, and laws, regulation, and reporting requirements. Our cybersecurity team monitors the prevention, detection, mitigation, management, and remediation of cybersecurity risks and incidents through various means, which may include briefings with internal security personnel threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in our information technology environment. As part of the program, our executive management team is regularly informed about the monitoring, prevention, detection, mitigation, management, and remediation efforts.