Distribution Solutions Group, Inc. 10-K Cybersecurity GRC - 2024-03-07

Page last updated on July 16, 2024

Distribution Solutions Group, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-07 07:54:37 EST.


10-K filed on 2024-03-07

Distribution Solutions Group, Inc. filed a 10-K at 2024-03-07 07:54:37 EST
Accession Number: 0000703604-24-000021

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. Risk Management & Strategy We are focused on addressing the growing threat of cybersecurity risks that we face in today’s global business environment and have identified cybersecurity as an important enterprise risk. Our cybersecurity risk management program is part of our overall enterprise risk management program, and is focused on identifying, assessing, managing, and remediating material risks from cybersecurity incidents. We rely on risk-based security controls, including access limitations and contractual requirements on third-party service providers, as part of our overall approach of protecting the integrity, availability and confidentiality of our important systems and information. We have an established cyber incident response plan to respond to cyber incidents. We continue to improve our cybersecurity program and processes by investing in preventative measures. We engage consultants and third-party service providers in connection with our cybersecurity risk testing and assessment. These third-party service providers assist us in evaluating our cybersecurity program, provide support for threat monitoring and detection, and scan for vulnerabilities and other cybersecurity events which may pose a significant risk to the Company. We also engage in cybersecurity training, with the employees of certain of our operating companies undergoing compulsory training that enables them to detect and report malware, ransomware and other malicious software or social engineering attempts that may compromise the Company’s information technology systems, and those employees are routinely assessed on this training. Employees are also generally required to complete compulsory training covering the handling of sensitive data. As the cyber landscape evolves, both in our technology systems and in the broader context of the internet and expanding connectivity, management continually updates its cybersecurity approach as part of its effort to safeguard the Company’s sensitive information and assets. We have not experienced any cybersecurity incidents in the last two years, including as a result of the Cyber Incident, that have materially affected the business strategy, results of operations, or financial condition of the Company. For more information regarding how cybersecurity threats could materially affect our business strategy, results of operations or financial condition, see “Cyber-attacks or other information security incidents could have a material adverse effect on our business strategy, results of operations or financial condition and subject us to additional legal costs.” in Item 1A. Risk Factors. Corporate Governance Our Board of Directors has overall responsibility for risk oversight and has delegated the oversight of risks associated with cybersecurity to the Audit Committee. The Audit Committee reports to the Board on our cybersecurity risk management practices and performance, generally on a quarterly basis. The Audit Committee receives reports from senior members of management, including from each of our Chief Information Officers (“CIOs”) (which include the CIO of each of our principal operating companies: Lawson, TestEquity and Gexpro Services), and the internal audit department regarding the cybersecurity risk management program. Among other things, these reports have focused on the following: - recent cyber risk and cybersecurity developments; - cyber risk governance and oversight; - assessments by third-party experts; - key cyber risk metrics and activities; and - major projects and initiatives. We have also established a governance structure under each of the CIOs that oversee investments in systems, resources, and processes as part of the continued maturity of our cybersecurity posture. Our CIOs have collectively over seventy years of service in various roles in the cybersecurity and information technology areas, including over forty years in their current roles or within the industry.

Company Information

NameDistribution Solutions Group, Inc.
SIC DescriptionWholesale-Machinery, Equipment & Supplies
TickerDSGR - Nasdaq
CategoryAccelerated filer
Smaller reporting company
Fiscal Year EndDecember 30