SKECHERS USA INC 10-K Cybersecurity GRC - 2024-02-28

Page last updated on April 11, 2024

SKECHERS USA INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 16:15:56 EST.

Filings

10-K filed on 2024-02-28

SKECHERS USA INC filed an 10-K at 2024-02-28 16:15:56 EST
Accession Number: 0000950170-24-022106

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity CYBERSECURITY RISK MANAGEMENT AND STRATEGY We recognize the critical importance of maintaining the safety and security of our systems and data and have a holistic process for overseeing and managing cybersecurity and related risks. This process is supported by both management and our Board of Directors. We have developed and implemented a Cybersecurity Risk Management Program intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program includes a cybersecurity incident response plan. 14 We leverage industry standard frameworks such as the National Institute of Standards and Technology Cybersecurity Framework ( NIST CSF ) and Center for Internet Security ( CIS ) to inform how we identify, assess, and manage cybersecurity risks relevant to our business. Our Cybersecurity Risk Management Program includes: risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment; a security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents; cybersecurity awareness training of our employees, and incident response personnel; a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; a third-party risk management process for service providers, suppliers, and vendors; and engage third parties for our 24/7 monitoring, detection, and response; regular penetration testing, program controls assessment, and proactive incident preparedness activities. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. Cybersecurity Governance Our Board of Directors is responsible for overseeing our enterprise risk management activities in general, and each of our Board committees assists the Board in the role of risk oversight. Our Senior Vice President ( SVP ) of Information Technology and the Senior Director of Information Security have overall responsibility for assessing and managing our material risks from cybersecurity threats. To help ensure effective oversight, the Audit Committee receives reports on information security and cybersecurity at least annually, and receives an update quarterly on information security and cybersecurity from materials provided by the Senior Director of Information Security. The Senior Director of Information Security oversees the Information Security Steering Committee ( Steering Committee ), which provides education on the Company s cybersecurity programs and controls to key members of the Company. The Steering Committee meets quarterly and is comprised of members from the Executive Leadership Team, including the Chief Financial Officer and Executive Vice President of Business Affairs, as well as the SVP of Information Technology, Senior Director of Information Security, VP of Corporate Communications, SVP of Digital Innovation, and Head of Global Human Resources. Cybersecurity risk management is led by our SVP of Information Technology, who reports to our Chief Operating Officer, and generally is responsible for management of cybersecurity risk and the protection and defense of our networks and systems. The SVP of Information Technology manages a team of cybersecurity professionals with broad experience, including in cybersecurity threat assessments and detection, mitigation technologies, cybersecurity training, incident response, cyber forensics, insider threats and regulatory compliance. We continue to invest in cybersecurity and resiliency of our networks and adapt our internal controls and processes, which are designed to help protect our systems and infrastructure, and the information they contain. For more information regarding the risks we face from cybersecurity threats, please see Item 1A Risk Factors.

Company Information