PC CONNECTION INC 10-K Cybersecurity GRC - 2024-03-07

Page last updated on April 11, 2024

PC CONNECTION INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-07 16:15:38 EST.

Filings

10-K filed on 2024-03-07

PC CONNECTION INC filed an 10-K at 2024-03-07 16:15:38 EST
Accession Number: 0001558370-24-002727

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We have established processes, procedures, and controls to identify, manage, assess, and mitigate material risks from cybersecurity threats which are designed to help protect our information assets and operations from internal and external cyber threats by understanding and seeking to manage risk while ensuring business resiliency, protecting employee and customer information from unauthorized access or attack, and securing our networks, systems, devices, products, and services, or our Cybersecurity Risk Mitigation Practices. We conduct tests on our systems and incident simulations to help discover potential vulnerabilities and ensure the effectiveness of our Cybersecurity Risk Mitigation Practices. We engage external parties, including consultants, independent privacy assessors, computer security firms, and risk management and governance experts, to enhance our cybersecurity oversight. We also regularly consult with industry groups on emerging industry trends. In order to oversee and identify risks from cybersecurity threats associated with our use of third-party service providers, we have a third-party risk management program designed to help protect against the misuse of information technology by third parties and business partners. As of the date of this Annual Report Form 10-K, we are not aware of any cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, as discussed under Item 1A. Risk Factors, specifically the risks titled Cyberattacks or the failure to safeguard personal information and our IT systems could result in liability and harm our reputation, which could adversely affect our business and Our business could be materially adversely affected by system failures, interruption, integration issues, or security lapses of our IT systems or those of our third-party providers, the sophistication of cyber threats continues to increase, and the preventative actions we take to reduce the risk of cyber incidents and protect our systems and information may be insufficient. Accordingly, no matter how well our controls are designed or implemented, we will not be able to anticipate all security breaches, and we may not be able to implement effective preventive measures against such security breaches in a timely manner. Cybersecurity Governance and Oversight Our Cybersecurity Risk Mitigation Practices are managed on a day-to-day basis by members of our Information Security Steering Committee, or the Committee, and are overseen by our Board of Directors. The Committee is composed of senior management, including our Chief Information Officer and Chief Financial Officer, and senior vice presidents from various areas of the organization including IT, compliance, legal, operations and human resources, including the Vice President of Information Security and Compliance. The Vice President of Information Security and Compliance has over 40 years of IT experience and is a certified information systems security professional. As part of the administration of our Cybersecurity Risk Mitigation Practices, the Committee is tasked with managing and mitigating our exposure to cybersecurity threats, creating our cybersecurity policies, and establishing short and long- 26 Table of Contents term cybersecurity goals and objectives that are designed to protect our information systems. The Committee is also responsible for planning ordinary course security projects and initiatives aimed at ensuring that our organizational leaders are informing our employees about our cybersecurity policies and about cybersecurity basic practices. On a periodic basis, the Committee meets to review the performance and effectiveness of our Cybersecurity Risk Mitigation Practices. Members of the Committee will present the results of the periodic performance and effectiveness review to our Board of Directors, who oversee our risk management processes directly and through its committees. These results, along with other cybersecurity topics including updates on previously identified material cybersecurity threats or incidents, are presented at regularly scheduled meetings. Members of the Committee will also notify our Board of Directors between such meetings regarding significant new cybersecurity threats or incidents.

Company Information