STONERIDGE INC 10-K Cybersecurity GRC - 2024-03-01

Page last updated on July 2, 2024

STONERIDGE INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-01 15:16:41 EST.


10-K filed on 2024-03-01

STONERIDGE INC filed a 10-K at 2024-03-01 15:16:41 EST
Accession Number: 0001043337-24-000007


Item 1C. Cybersecurity.

Cybersecurity Risk Management and Strategy

The Company has processes in place to identify, assess, and monitor material risks from cybersecurity threats, which are part of the Company’s overall cybersecurity risk management strategy and have been embedded in the information systems operating procedures and internal controls. Our information technology (“IT”) function manages IT operations and continually evolves our systems to meet the constantly changing digital environment. We enhanced our workstation, server, email security, and network monitoring with managed detection and response and alerting capabilities.

We perform periodic cybersecurity risk assessments to identify, assess, and prioritize potential risks to information, data assets, and infrastructure. The Company addresses identified risks and develops and implements controls to mitigate issues.

The Company engages third parties in connection with its cybersecurity processes as appropriate. The Company has established processes to identify risks from cybersecurity threats associated with its third-party service providers.

The Company has established a cybersecurity policy which requires mandatory compliance of all Company directors, officers, employees, interns, consultants, and contractors. The Company has also established cybersecurity and information security awareness training programs. Employees with access to the Company’s network receive annual training on topics such as phishing, malware, and other cybersecurity risks. Training is administered and tracked through online learning modules.

We work to continually evolve our systems to meet the constantly changing digital environment and continue to invest in the cybersecurity and resiliency of our networks and to enhance our internal controls and processes, which are designed to help protect our systems and infrastructure, and the information they contain.

There have been no risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. The nature of potential cybersecurity risks and threats are uncertain, and any future incidents, outages or breaches could have a material adverse effect on the Company’s business, financial conditions or results of operations. For more information about the cybersecurity risks we face, refer to the Risk Factors in section “Information Technology and Cybersecurity Risks” in Part I, Item 1A, “Risk Factors”.

Cybersecurity Governance

The Company’s Board of Directors, as a whole, has oversight responsibility for our strategic and operational risks. The Audit Committee of the Board of Directors is responsible for board-level oversight of cybersecurity risk, and the Audit Committee regularly reports risks and compliance actions to the Board. As part of its oversight role, the Audit Committee receives reporting about the Company’s strategy, programs, incidents and threats, and other developments and action items related to cybersecurity regularly throughout the year, including through periodic updates from the Chief Information Officer (“CIO”).

Our cybersecurity program is managed by our Director of Global IT Architecture and Cybersecurity (the “Cybersecurity Director”), and our CIO, who reports directly to our Chief Executive Officer. Our CIO and Cybersecurity Director each have over 30 years of experience leading numerous business and technology initiatives and global cross-functional projects to improve the Company’s business systems, infrastructure, and processes, including extensive experience assessing and managing cybersecurity programs and risk.

Our CIO and the IT function monitor the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the processes described above, including the operation of the Company’s incident response plans, which include appropriate escalation to the executive team and the Audit Committee. As discussed above, the CIO reports at least semiannually to the Audit Committee about cybersecurity threat risks, among other cybersecurity related matters.

Company Information

SIC Description: Motor Vehicle Parts & Accessories
Ticker: SRI - NYSE
Category: Accelerated filer
Fiscal Year End: December 30