Daseke, Inc. 10-K Cybersecurity GRC - 2024-03-07

Page last updated on April 11, 2024

Daseke, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-07 16:30:53 EST.

Filings

10-K filed on 2024-03-07

Daseke, Inc. filed an 10-K at 2024-03-07 16:30:53 EST
Accession Number: 0000950170-24-028034

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy Our cybersecurity strategy prioritizes detection, analysis and response to known, anticipated or unexpected threats; effective management of security risks; and resiliency against incidents. Our cybersecurity risk management processes include various security controls, enforcement of company policies, monitoring systems, employee training, contractual arrangements, tools and related services from third-party providers, and management oversight to assess, identify and manage material risks from cybersecurity threats. We implement risk-based controls to protect our information, the information of our customers, suppliers, and other third parties, our information systems, our business operations, and our related services. We have adopted security-control principles based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) and other industry-recognized standards. This does not mean that we meet any particular technical standards, specifications, or requirements, but only that we use the NIST CSF as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. Information about cybersecurity risks and our risk management processes is collected, analyzed and considered as part of our overall enterprise risk management program. We maintain a Cybersecurity Incident Management Policy (Cybersecurity Policy), which provides guidance and processes for identifying, reporting, assessing, resolving and ensuring timely public disclosure, when appropriate, of cybersecurity threats, including both cybersecurity threats directed at our company and those associated with our use of third-party service providers. We have retained a leading cybersecurity incident response vendor to assist us in responding to cybersecurity incidents and we maintain relationships with integration vendors to help us recover or rebuild technology systems in the event of a large-scale cybersecurity incident. 23 Table of Contents Key components of our cybersecurity risk management program include: risk assessments designed to help identify cybersecurity risks to our critical systems, information, services, and our broader enterprise information technology (IT) environment; a security team, led by our Senior Vice President that oversees IT (our SVP IT), principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents; the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security processes; cybersecurity awareness training of our employees, incident response senior management; and a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents. At this time, we have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See Risk Factors - The Company is dependent on computer and communications systems, and a systems failure, cyber-attack or data breach could cause a significant disruption to its business and cause financial losses. Governance Our Board of Directors has overall responsibility for risk oversight, with its committees assisting the Board in performing this function based on their respective areas of expertise. Our Board of Directors has delegated oversight of risks related to cybersecurity to the Audit Committee, which reports on its activities and findings to the full Board after each meeting. The Audit Committee is charged with reviewing our cybersecurity processes for assessing key strategic, operational, and compliance risks. Our SVP IT provides periodic presentations to the Audit Committee on cybersecurity risks. These briefings include assessments of cyber risks, the threat landscape, updates on any incidents, and reports on our investments in cybersecurity risk mitigation and governance. In the event of a potentially material cybersecurity event, the Chair of the Audit Committee is notified and briefed, and meetings of the Audit Committee and/or full Board of Directors would be held, as appropriate. Three of the members of our Audit Committee have significant expertise in various aspects of cybersecurity programs. Our SVP IT, in coordination with the Company s executive team, works collaboratively across the Company to implement a program designed to protect the Company s information systems from cybersecurity threats and to promptly respond to any cybersecurity incidents in accordance with the Company s incident response and recovery plans. To facilitate the success of the Company s cybersecurity risk management program, multidisciplinary teams throughout the Company are deployed to address cybersecurity threats and to respond to cybersecurity incidents. Through ongoing communications with these teams, the SVP IT oversees the monitoring, prevention, detection, mitigation, and remediation of cybersecurity threats and incidents, and reports such threats and incidents to the Board when appropriate. Our SVP IT has twenty years of experience in the IT field, including managing risks arising from cybersecurity threats. The SVP IT is supported by a staff of IT professionals. Also supporting our SVP IT in assessing and managing the Company s material risks from cybersecurity threats are the Company s COO, CFO, and General Counsel, each of whom have over 20 years of experience managing risks at the Company and at similar companies, including risks arising from cybersecurity threats.

Company Information