INTERFACE INC 10-K Cybersecurity GRC - 2024-02-28

Page last updated on April 11, 2024

INTERFACE INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 16:42:14 EST.

Filings

10-K filed on 2024-02-28

INTERFACE INC filed an 10-K at 2024-02-28 16:42:14 EST
Accession Number: 0000715787-24-000005

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management Strategy Assess, Identify and Manage Material Risks from Cybersecurity Threats Interface has integrated cybersecurity risk management into our broader enterprise risk management framework. This integration ensures that cybersecurity considerations are an integral part of our entity-level risk assessment and decision-making process. Cybersecurity risk management is also a vital part our IT incident management and disaster recovery policy that outlines a systematic approach of implementing and executing strategies and procedures to enable the recovery and restoration of vital business functions and IT infrastructure following a significant disruptive event. Engagement of Third Parties Interface engages a range of external experts in evaluating and testing our cybersecurity risk management systems. These partnerships enable us to leverage specialized knowledge and insights, ensuring our cybersecurity strategies and processes remain at the forefront of industry best practices. In the event of a cybersecurity incident, the Company uses external experts to assist with an investigation of the incident, an evaluation of the extent to which the cybersecurity event has impacted the Company s operations, financial condition, and IT infrastructure, and the recovery and restoration following the incident. We evaluate the inherent risk associated with using external experts by conducting thorough security assessments before engagement and perform ongoing monitoring to ensure compliance with our cybersecurity standards. Governance and Oversight The Audit Committee has oversight responsibility for cybersecurity risk management. The Audit Committee is comprised of board members with diverse experience and expertise to effectively oversee risk, although none of them are cybersecurity experts. Our Chief Information Officer, in his capacity, regularly informs the Audit Committee (typically twice per year) and the full board (typically once per year) on all aspects related to cybersecurity risks, as well as any remediation efforts in response to a cybersecurity incident. Risks from Cybersecurity Threats Our IT systems face a myriad of cybersecurity threats, including, without limitation, hacking, computer viruses, denial of service attacks, malware, ransomware, phishing scams, compromised or irretrievable backups, and other cyber attacks. Any of these events which deny us use of vital IT systems may seriously disrupt our normal business operations and lead to production or shipping stoppages, revenue loss, and reputational harm. To the extent our IT systems store sensitive data, including data related to customers, employees or other parties, risks from cybersecurity threats may expose us to fines and other liabilities, and reputational harm if such data is misappropriated. In addition, as cybercriminals continue to become more sophisticated and numerous, the costs to defend and insure against cyberattacks can be expected to rise. On November 20, 2022, we discovered a cybersecurity attack, perpetrated by unauthorized third parties, affecting our IT systems. In response to this Cyber Event, we notified law enforcement and took steps to supplement existing security monitoring, including scanning and protective measures. The investigation of the Cyber Event was completed during fiscal year 2023. A more detailed discussion of the Cyber Event can be found in Item 7 entitled Management s Discussion and Analysis of Financial Condition and Results of Operations of this Annual Report on Form 10-K. 21 Table of Contents

Company Information