MILLER INDUSTRIES INC /TN/ 10-K Cybersecurity GRC - 2024-03-06

Page last updated on April 11, 2024

MILLER INDUSTRIES INC /TN/ reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-06 16:55:34 EST.

Filings

10-K filed on 2024-03-06

MILLER INDUSTRIES INC /TN/ filed an 10-K at 2024-03-06 16:55:34 EST
Accession Number: 0001558370-24-002625

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We proactively address cybersecurity risk through a comprehensive cybersecurity program to identify, protect, detect and respond to and manage reasonably foreseeable cybersecurity risks and threats. We use a multi-faceted approach including, but not limited to, third-party assessments, internal cybersecurity audits, IT security, governance, risk and compliance reviews. To defend, detect and respond to cybersecurity incidents, we, among other things, require mandatory third-party cybersecurity training and testing for all employees, perform periodic user access reviews across the organization, perform penetration testing using external third-party tools and techniques to test security controls, employ multifactor authentication and biometrics login tools, take steps to verify whether vendors have appropriate cybersecurity programs, and conduct frequent security assessments to identify and remedy vulnerabilities. We also employ the use of Secure Socket Layer inspection on our firewalls, which are able to decrypt and scan all network traffic entering and leaving our facilities. We regularly engage external auditors and consultants to assess our internal cybersecurity programs and compliance with applicable practices and standards, including regularly reviewing and updating our incident response plan. We have not experienced any material cybersecurity incidents to date. However, as described in Item 1A, Risk Factors, any breach of data security could result in a disruption of our services or improper disclosure of personal data or confidential information, which could harm our reputation, require us to expend resources to remedy such a security breach or defend against further attacks or subject us to liability under laws that protect personal data, resulting in increased operating costs or loss of revenue. Cybersecurity is an important part of our enterprise-wide risk management processes and an area of focus for our Board and management. The entire Board of Directors reviews significant cybersecurity risks and works with the Audit Committee to address these issues. Our Chief Information Officer is responsible for overseeing cybersecurity and reports to the Board at all its regular quarterly meetings regarding matters of cybersecurity. These reports include existing and new cybersecurity risks, status on how management is addressing and/or mitigating those risks, cybersecurity and data privacy incidents (if any) and updating the status on defensive security measures and risk assessment and key information security initiatives. Our Board members also engage in ad hoc conversations with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management and strategy programs. Our Chief Information Officer has been with the Company for more than 25 years, developing and overseeing our information systems and cybersecurity risk management program. Our Chief Information Officer and his team, which includes a cybersecurity professional, are informed about, and monitor the prevention, mitigation, detection and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above, including the operation of our incident response plan, and report to the Board and Audit Committee on any appropriate items.

Company Information