LSB INDUSTRIES, INC. 10-K Cybersecurity GRC - 2024-03-06

Page last updated on April 11, 2024

LSB INDUSTRIES, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-06 16:10:57 EST.

Filings

10-K filed on 2024-03-06

LSB INDUSTRIES, INC. filed an 10-K at 2024-03-06 16:10:57 EST
Accession Number: 0000950170-24-027144

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We recognize the importance of developing, implementing, and maintaining robust cybersecurity measures to maintain the security, confidentiality, integrity, and availability of our business systems and commercially sensitive or confidential information. Our business depends on the proper functioning and availability of our information technology platform, including communications and data processing systems. We are also required to effect electronic transmissions with third parties including clients, vendors and others with whom we do business, and with our Board. We also recognize that, as we continue to increase our dependence on information technologies to conduct our operations the risks associated with cyber security also increase. LSB utilizes an enterprise-wide risk management process to identify, assess and manage risks faced by our organization. The Company s Enterprise Risk Management Committee ( ERM Committee ), is designated with the responsibility to direct our risk management program and to execute our risk management strategy, including cyber and technology risk. To protect our information systems and operations from risks and to execute our cyber strategy, we use various security processes and technology tools that help identify, investigate, assess, prevent, and resolve potential vulnerabilities and security incidents in a timely manner. These include, but are not limited to, detection, monitoring and reporting tools. Our team uses widely adopted methods and models to identify, prioritize and manage cyber and technology risks and develop related information security controls and safeguards. In partnership with third party advisors and consultants, we conduct regular reviews and tests of our program and leverage audits, penetration and vulnerability testing, cyber risk tabletops and security awareness trainings, and other cyber exercises to evaluate the effectiveness of our program and improve our security measures. Our information security policies are designed to address current applicable legal requirements and to align with recognized frameworks for cyber risk management. These standards cover physical, administrative, and technical controls and address a wide range of current cyber threats. These policies and standards are reviewed and updated on a regular basis in order to respond to the constantly changing threat landscape. Governance Our Board of Directors considers cybersecurity to be a business risk and oversees enterprise-wide risks through the Audit Committee. The Audit Committee is designated by the Board with the responsibility for monitoring and reporting on management s cybersecurity and risk management processes. The ERM Committee is the management-entity designated by the Chief Executive Officer with the responsibility to direct and execute our risk governance and strategy, including cyber risk. This ERM Committee is composed of the Company s Executive Vice Presidents and each of the Company s Senior Vice Presidents. Our Senior Vice President and Treasurer chairs the ERM Committee. The Vice President for Information Technology ( IT ) leads the information security program, manages cyber governance and incident management. The Vice President of IT and the Director of Infrastructure and Security have over forty-five years of combined information technology experience and over a decade of cybersecurity experience. The ERM Committee and 25 Vice President for IT assess cyber risk and provide recommendations for management. The Chair of the ERM Committee and the Vice President for IT brief the Audit Committee regularly. These updates include an overview of cyber risk management activities, cyber threats, and key information security processes and mitigation efforts. The Chair of the Audit Committee provides regular reports to the Board of Directors on critical cyber risk and security topics presented to the Committee by management. Incident Management We have implemented security procedures and measures in order to protect our information from being vulnerable to theft, loss, damage or interruption from a number of potential sources or events. LSB maintains and tests an incident response plan that outlines steps for the containment, investigation of, response to and recovery from cyber events. The plan also includes information pertaining to roles, responsibilities, and reporting process. This plan is a part of our formal, enterprise-wide crisis management process, which outlines a communication plan with executive leadership as well as guidelines for communication with the Board of Directors. Although we make efforts to maintain the security and integrity of our information systems and technology operations, these systems are subject to the cyber risk of incident or disruption, and there can be no assurance that our security safeguards, and those of our third-party providers, will prevent incidents to our or our third-party providers systems that could adversely affect our business. For a discussion of these risks, see Item 1A. Risk Factors General Risk Factors.

Company Information