ESCALADE INC - (ESCA)
10-K Filing Date: March 29, 2024
Cybersecurity Risk Management and Strategy
As a company committed to safeguarding our operations, assets and stakeholders against cyber threats, we recognize the critical importance of cybersecurity risk management and strategy. In today’s digital landscape, where cyber threats continue to evolve and proliferate, it is imperative that we remain vigilant and proactive in our approach to cybersecurity.
In this section, we outline our cybersecurity risk management strategies and initiatives aimed at mitigating cyber risks and ensuring the resilience of our organization. From risk assessment and threat detection to continuous improvement, our approach to cybersecurity reflects our resolve to maintain the confidentiality, integrity and availability of our systems and data.
Key components of our cybersecurity risk management program include:
● Risk Assessment – We regularly conduct risk assessments to identify and evaluate potential cybersecurity threats and vulnerabilities. These assessments consider factors such as our current IT infrastructure, the sensitivity of our data, industry best practices, and emerging cybersecurity trends.
● Threat Detection and Prevention – Given our limited resources, we prioritize the deployment of cost-effective tools and technologies for threat detection and prevention. This includes the use of firewalls, intrusion detection systems, antivirus software, and security information and event management (SIEM) solutions to monitor and mitigate potential security incidents.
● Employee Training and Awareness – We understand that employees play a crucial role in maintaining cybersecurity. Therefore, we provide regular training and awareness programs to educate our staff about cybersecurity best practices, common threats and how to recognize and report suspicious activities.
● Engagement of Third-Party Consultants and Assessors – In addition to our internal efforts to manage cybersecurity risks, we recognize the value of engaging third-party consultants, firms or assessors to provide specialized expertise and support in enhancing our cybersecurity posture, policies and procedures. While our internal IT staff possess valuable skills and knowledge, leveraging external resources can provide additional insights, validation and assurance in our cybersecurity initiatives.
● Continuous Improvement – We are committed to continuously improving our cybersecurity posture in line with industry standards and best practices. This includes staying informed about emerging threats and vulnerabilities, conducting regular security audits and assessments and investing in cybersecurity technologies and training as resources allow.
Currently, we have not identified any risks stemming from known cybersecurity threats, including those resulting from previous cybersecurity incidents, which have significantly impacted our operations, business strategy, financial condition or results of operations. We face certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to materially affect the Company’s business. See “Risk Factors – Operational Risks to the Company and Our Business.”
Cybersecurity Governance
Our Board considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee oversight of cybersecurity and other threats or risks. The Audit Committee is primarily responsible for overseeing the Company’s risk management processes, which include cybersecurity, global operations, product compliance and other regulatory risks.
The Audit Committee receives reports from management regarding the Company’s assessment of the cybersecurity risks, and other risks, on an annual basis. In addition, management updates the Audit Committee, as necessary, regarding any significant cybersecurity incidents. The Audit Committee reports regularly to the full Board regarding its activities, including those related to cybersecurity.
Management of the Company is responsible for the day-to-day risk management process, specifically the Director of IT, who reports and operates under the direction of the Chief Financial Officer (CFO), who then reports directly to the Audit Committee regarding such risks. The CFO provides updates to the Audit Committee on cybersecurity risks and threats annually, but the Director of IT attends both the Audit Committee meetings and the Board meetings to provide further updates on cybersecurity and other IT-related matters. At a minimum, the Audit Committee is given updates on a quarterly basis, but if a situation were to arise, the Audit Committee would be notified once the Company was aware of the issue.
Our management team, led by our CFO, is informed about and monitors the prevention, detection, mitigation and remediation of cybersecurity risks and incidents through updates by our Director of IT. This management team is responsible for assessing and managing risks that may arise from cybersecurity threats. Our CFO has over 10 years of experience managing IT operations including strategy, infrastructure and execution. Our Director of IT has over 20 years of experience in information technology including roles managing operations, compliance, development, applications, information security, support and execution.