CTS CORP 10-K Cybersecurity GRC - 2024-02-23

Page last updated on April 11, 2024

CTS CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-23 15:05:49 EST.

Filings

10-K filed on 2024-02-23

CTS CORP filed an 10-K at 2024-02-23 15:05:49 EST
Accession Number: 0000950170-24-019292

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy The Company s cybersecurity risk management strategy is comprised of several key elements. We assess our information technology and data management/storage systems and related policies and practices and to help guide and prioritize our cybersecurity and information technology-related investments, activities and risk management strategy. We leverage a variety of technologies to attempt to mitigate the risk of cybersecurity threats and incidents. The Company has a multi-layer approach to its technology solutions, including employing applications used for perimeter, network, end point and application security as well as for data recovery, in each case tailored to the Company s systems, data, risk profile and mitigation strategy. From time to time we use third-party service providers and software to augment and test our technology solutions and further support our risk mitigation strategy. We have a cybersecurity training program that covers a variety of topics designed to educate our employees about the importance of cybersecurity awareness, highlight typical cybersecurity-related risks and issues (such as phishing attacks and other methods used to attempt to infiltrate our systems) and test that awareness using knowledge assessments and simulations. The training is administered to employees on a rolling basis, and we use a third-party provider for the content periodically update the training to incorporate new cybersecurity-related developments. The oversight of our cybersecurity risk is integrated into our enterprise-wide risk management process. We annually review cybersecurity risk as part of our enterprise risk management process and evaluate whether to integrate those findings into our overall cybersecurity strategy. We have a Cybersecurity Strategy Committee, which is a cross-functional team of business representatives led by our Vice President of IT & Digitization, which is responsible for spearheading the ongoing development and execution of our cybersecurity strategy. The Cybersecurity Strategy Committee meets regularly and at other times as needed, and periodically updates the Company s management on its progress and activities. Like many other companies, from time to time, we detect attempts by third parties to gain access to our systems and networks, and the frequency of such attempts could increase in the future. As of the date of this Annual Report on Form 10-K, we are not aware of any cybersecurity threats that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition. However, there can be no assurance that our efforts to prevent or mitigate CTS CORPORATION 19 Table of Contents cybersecurity incidents will be successful. Please see Risks Related to Technology and Data Privacy in Risk Factors in Section 1A of this Annual Report on Form 10-K. Governance Our cybersecurity program is overseen by a Vice President of IT & Digitization and information technology team (collectively, the IT Team ) responsible for identifying, assessing, monitoring, managing and communicating the Company s cybersecurity risks. The IT team includes members with experience developing and implementing enterprise-wide cybersecurity strategies and initiatives, managing risks relating thereto, and evaluating industry standards and regulations. While our Board has the ultimate oversight responsibility for the risk management process, the Audit Committee is responsible for oversight of our cybersecurity strategy and risks. The Audit Committee is provided with quarterly and as needed updates on the Company s cybersecurity strategy and risks. In addition, the Board is provided with an annual cybersecurity update that addresses similar topics to those discussed with the Audit Committee on a quarterly basis. In the event of a reported potential cybersecurity incident, our IT Team decides whether such incident triggers our Cybersecurity Threat Evaluation and Response Plan (the Response Plan ). If triggered, the Company s cybersecurity response team, as needed under the circumstances (the Cyber Response Team ), is convened. Members of the Cyber Response Team, as appropriate and as set forth in the Response Plan, are responsible for developing, recommending and implementing measures to address the cybersecurity incident, including when appropriate, assessing, containing and mitigating its impact, notifying members of the Company s management, the Audit Committee and the full Board of the cybersecurity incident, and coordinating external communications, in each case as appropriate under the circumstances. The IT Team is responsible for implementing and monitoring the effectiveness of any remediation plan adopted as a result of the cybersecurity incident.

Company Information