Hub Group, Inc. 10-K Cybersecurity GRC - 2024-02-27

Page last updated on April 11, 2024

Hub Group, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-27 17:27:47 EST.

Filings

10-K filed on 2024-02-27

Hub Group, Inc. filed an 10-K at 2024-02-27 17:27:47 EST
Accession Number: 0000950170-24-021432

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY Hub operates in the transportation and logistics sector, which is subject to various cybersecurity risks that could adversely affect our business, financial condition and results of operations. We have implemented a risk-based approach aligned with industry standards to identify and assess the cybersecurity threats that could affect our business and information systems. We conduct periodic risk assessments to identify the potential impact and likelihood of various cyber scenarios, including those involving third-party service providers, and to determine the appropriate mitigation strategies and controls. We use various tools and methodologies to manage cybersecurity risk, including implementation of a business continuity process that includes a comprehensive Incident Response Protocol that is tested on a regular cadence and an information security training and awareness program. We also monitor and evaluate our cybersecurity posture and performance on an ongoing basis through regular vulnerability scans, penetration tests and threat intelligence feeds. We require third-party service providers with access to personal, confidential or proprietary information to implement and maintain comprehensive cybersecurity practices consistent with applicable legal standards and industry best practices. 17 Our business depends on the availability, reliability, and security of our information systems, networks, data and intellectual property. Any disruption, compromise or breach of our systems or data due to a cybersecurity threat or incident could adversely affect our operations, customer service, product development and competitive position. They might also result in a breach of our contractual obligations or legal duties to protect the privacy and confidentiality of our stakeholders. Such a breach could expose us to business interruption, lost revenue, ransom payments, remediation costs, liabilities to affected parties, cybersecurity protection costs, lost assets, litigation, regulatory scrutiny and actions, reputational harm, customer dissatisfaction, harm to our vendor relationships or loss of market share. In the last three years prior to filing of this Form 10-K, the Company has not experienced any significant information security breach. Our Board has direct oversight of cybersecurity risks and strategy and receives quarterly updates from our Chief Information Officer (CIO). The Board has also delegated to the Audit Committee responsibilities related to cybersecurity and other risks of the Company. Our CIO has spent over 20 years in engineering and product development roles and our VP of Information Security and Operations has spent over 25 years in infrastructure and cybersecurity roles including in the finance and insurance industries. Additionally, one of the independent directors on our Board and a member of our Audit Committee has significant experience leading technology and information systems at some of the country s leading hospitals and adds to our Board substantial expertise and knowledge in information technology, privacy, data governance and cybersecurity. A cross-functional incident response team, which includes members of our management team, determines the apparent severity of reported potential incidents and operationalizes the cybersecurity incident response protocol.

Company Information