CEVA INC 10-K Cybersecurity GRC - 2024-03-07

Page last updated on April 11, 2024

CEVA INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-07 16:31:07 EST.

Filings

10-K filed on 2024-03-07

CEVA INC filed an 10-K at 2024-03-07 16:31:07 EST
Accession Number: 0001437749-24-006970

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity Cybersecurity represents an important component of our overall approach to enterprise risk management ( ERM ), and is one of the key risks identified for oversight by the Board through our annual ERM assessment. Our ERM approach generally, and our cybersecurity practices in particular, are based upon industry standards and implemented using managed security applications. We generally approach cybersecurity threats through a cross-functional approach which endeavors to: (i) prevent and mitigate cybersecurity threats to the Company; (ii) maintain the confidence of our customers, clients and business partners; (iii) preserve the confidentiality of our employee s information; and (iv) protect our intellectual property. Risk Management and Strategy Our cybersecurity program focuses on the following areas: Vigilance : We maintain 24/7 cybersecurity threat operations in order to rapidly detect, contain and respond to cybersecurity threats and incidents. Systems Safeguards : We deploy technical safeguards that are designed to protect our information systems from cybersecurity threats. These safeguards include firewalls, intrusion prevention and detection systems, anti-malware functionality, access controls and ongoing vulnerability assessments. Third-Party Management : We screen venders, service providers and other third parties that may gain access to our systems based on their expertise, reliability, reputation and industry credentials, and have implemented measures to further enable us to identify and oversee cybersecurity risks presented users of our systems.. Education : All of our employees are trained at least annually on cybersecurity threats and our information security procedures, which reinforces our information security policies, standards and practices. Incident Response Planning : We have established and continue to maintain an incident response plan that addresses our response to a cybersecurity incident. Communication and Coordination : We utilize a cross-functional approach to address the risk from cybersecurity threats, involving management personnel from the technology, operations, legal, risk management, internal audit and other key business functions, as well as including our board of directors in an ongoing dialogue regarding cybersecurity threats and incidents. Governance : Our board of directors oversight of cybersecurity risk management is supported by our Chief Financial Officer and Compliance Officer, who interacts directly with, and is provided relevant information by, our cybersecurity team. While our board of directors has the ultimate oversight responsibility over the management of cybersecurity risk, our audit committee reviews the risk management process relating to cybersecurity on a regular basis. We evaluate the effectiveness of our cybersecurity threat risk management through the assessment and testing of our processes and practices. We regularly engage consultants, auditors and other third parties to perform assessments on our cybersecurity measures. The assessments include information security maturity evaluations, independent environmental security control reviews, operating effectiveness and penetration testing. We make adjustments to our cybersecurity processes and practices as necessary based on the information provided by the third-party assessments and reviews. Governance Our board of directors as a whole is responsible for overseeing the management of risks pertaining to cybersecurity threats. Our board receives regular presentations and reports from the management team on information regarding the policies, processes and practices that we implement to address risks from cybersecurity threats including, for example, discussion of recent developments, evolving standards, third-party and independent reviews, the threat environment and technological trends. Additionally, to the extent we identify any cybersecurity incident that could pose a significant risk to the Company, the board will receive prompt and timely information regarding the incident and ongoing updates until such incidents have been addressed. 31 Table of Contents Our cybersecurity team is composed of the global head of Information Technology & Management Information Systems, the Chief Information Security Officer ( CISO ) and deputy CISO. The cybersecurity team, along with internal security stakeholders, are the team members principally responsible for overseeing and implementing our cybersecurity risk management program. Our cybersecurity team members each possess 15-25 years of cybersecurity experience, with strong educational qualifications including post-secondary education, industry certifications and other relevant developmental training. We believe this collective experience allows us to effectively manage risks emerging from cybersecurity threats. The cybersecurity team works collaboratively across the Company to implement customized programs designed to protect and respond to cybersecurity threats and to promptly respond to any cybersecurity incidents. To facilitate the success of this program, multi-disciplinary teams throughout the Company are deployed to address cybersecurity threats and to respond to cybersecurity incidents in accordance with our incident response plan. Chief concerns are reported to our broader management team when appropriate. We have not previously experienced any material cybersecurity incidents. In addition, cybersecurity threats have not materially affected, and we do not believe they are reasonably likely to affect, the Company, including our business strategy, results of operations, or financial condition.

Company Information