Page last updated on April 11, 2024
Gates Industrial Corp plc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-08 16:59:50 EST.
Filings
10-K filed on 2024-02-08
Gates Industrial Corp plc filed an 10-K at 2024-02-08 16:59:50 EST
Accession Number: 0001718512-24-000010
Item 1C. Cybersecurity.
Risk Management and Strategy
The Company’s cybersecurity program is designed to ensure our technology environment is operating and maintained in accordance with best practices, utilizing the National Institute of Standards and Technology framework as a key component of its approach to risk management. To identify, assess, and manage cybersecurity threat risks, the Company:
- maintains a 24-hour cybersecurity team to continuously monitor its technology systems and emerging threat types and to respond to identified vulnerabilities;
- deploys a variety of defenses, including automatic blocking of potential cybersecurity threats;
- utilizes third-party system scanning tools, cybersecurity threat intelligence reports as well as cybersecurity threat reports from its business partners, each of which assists our monitoring efforts;
- utilizes a scoring system to prioritize non-urgent mitigation activities;
- completes annual third-party testing, the results of which are discussed with the Company’s Audit Committee, and periodic third-party table-top exercises and gap assessments;
- maintains a mandatory internal educational program for employees, including phishing simulations, required courses at the time of hire and annually thereafter, and microlearning courses throughout the year, to ensure continual awareness of new and emerging threats;
- has adopted information technology policies applicable to its employees, including the Company’s Acceptable Use Policy, Dual Use Device Policy, Information Security Policy, Password Policy and Security Incident Response Plan (“SIRP”).
The Company conducts reputational analysis and security reviews for certain of its vendors to manage cybersecurity threats from the use of third-party services.
We continue to make investments to enhance the protection of our information technology systems and our business from cybersecurity incidents, including maintaining a cybersecurity insurance policy. For a discussion of whether and how any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition, please see Item 1A. Risk Factors"-Risks Related to Cybersecurity and Information Systems" for further information.
Governance
Our Board, with the assistance of its audit committee (“Audit Committee”), oversees the Company’s cybersecurity programs and strategies. At least annually, the Board receives a report on the Company’s information technology strategy, including cybersecurity measures, from our Chief Information Officer (“CIO”). The Audit Committee oversees the Company’s guidelines and policies with respect to risk assessment and risk management, including risk exposures related to information security, cybersecurity and data protection, and the steps management has taken to monitor and control such exposures. At least quarterly, the Audit Committee receives a report from our CIO on the Company’s cybersecurity risks and mitigation activities, including reports of any significant cybersecurity incident affecting the Company.
Assessment and management of the Company’s risks from cybersecurity threats is led by our Chief Information Security Officer (“CISO”) and our CIO to whom our CISO reports. Our CISO maintains our SIRP and manages day-to-day incident identification, assessment and management and continuously updates our CIO on such matters. Our CIO and CISO lead our overall cybersecurity risk management program, including ongoing assessments of system vulnerabilities and mitigation efforts. Our CISO or CIO escalates cybersecurity incidents to other members of the Company’s leadership, as appropriate. In addition, to ensure cybersecurity risks are considered within the Company’s ERM process, our CIO serves on our Enterprise Risk Committee which directs the ERM process.
Our CISO has over 11 years of experience assisting organizations in responding to cybersecurity incidents, serving as a chief information security officer for the past five years. He holds a Certified Information Systems Security Professional certification and a master’s degree in information technology management, with an emphasis on cybersecurity. He has also completed several supplemental courses on cyber incident response, including SANS 504 - Hacker Tools, Techniques, and Incident Handling.
Our CIO has over 20 years of experience in cybersecurity. He founded and built Internet start-ups and Internet Service Providers, protecting them from threats, and responding to cybersecurity events. He has rebuilt and directed cybersecurity departments in global public companies for the last six years. He is an advisory board member for various cybersecurity and technology companies and holds a B.S. in Computer Science and an MBA.
Company Information
| Name | Gates Industrial Corp plc |
| CIK | 0001718512 |
| SIC Description | General Industrial Machinery & Equipment |
| Ticker | GTES - NYSE |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | December 29 |