Allbirds, Inc. 10-K Cybersecurity GRC - 2024-03-12

Page last updated on April 11, 2024

Allbirds, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-12 21:19:21 EDT.

Filings

10-K filed on 2024-03-12

Allbirds, Inc. filed an 10-K at 2024-03-12 21:19:21 EDT
Accession Number: 0001653909-24-000015

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy Information technology is important to our business operations and we are committed to protecting the privacy, security and integrity of our data, as well as our employee and customer data. Accordingly, we monitor and update our information technology networks and infrastructure to prevent, detect, address and mitigate risks associated with 51 Table of Contents unauthorized access, misuse, computer viruses and other events that could have a security impact. Additionally, to protect and secure sensitive data such as customer information, we employ multi-factor authentication, a suite of security tools, systems monitoring and alerting, audit logs, and controls across our major systems, corporate devices, and business processes. Our cybersecurity process is designed to assess, identify, prevent, and manage cybersecurity risks and threats, as well as identify, contain and respond to cybersecurity incidents. This process includes a variety of activities, such as company-wide security awareness training, including regular phishing simulations, acceptable use training, cyber wellness trainings and other targeted trainings throughout the year. These cybersecurity trainings provide employees the opportunity to gain an understanding of the various forms of cybersecurity incidents and enable our employees to handle and report any suspicious activity or threat. To date, our approach to cybersecurity has been effective in protecting the confidentiality, integrity, and availability of our information however, we cannot guarantee that its efforts will be successful in preventing all cybersecurity incidents. Further, we currently maintain a cyber insurance policy that provides coverage for security breaches however, such insurance may not be sufficient in type or amount to cover us against claims related to security breaches, cyber-attacks and other related breaches. We do not believe that there are currently any known risks from cybersecurity threats, including as a result of any prior cybersecurity incidents, that are reasonably likely to materially affect us or our business strategy, results of operations or financial condition. Refer to Part I, Item 1A of this Annual Report on Form 10-K for additional discussion about cybersecurity related risks. Cybersecurity Governance Given that cybersecurity is a critical component of our enterprise, cybersecurity risks are among the enterprise risks that the Board oversees, primarily through delegation to the Audit Committee of the Board. As reflected in its charter, the Audit Committee assists the Board in overseeing the Company s privacy and information security policies. The Audit Committee engages on cybersecurity matters with our management team, including our Chief Technology and Culture Officer, and receives periodic reports from management on cybersecurity. Our Chief Technology and Culture Officer joined us in 2017 and has more than 20 years of technology-related roles and responsibilities. These presentations address a range of topics including, the threat landscape and cybersecurity events, vulnerability assessments, incident preparedness assessments, and cybersecurity awareness training. In addition, management updates the Audit Committee, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential. The Board receives regular updates on the activities of the Audit Committee, including with regard to cybersecurity oversight. Our management team, including the Chief Technology and Culture Officer and General Counsel, is responsible for assessing and managing our material risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management and supervises both our internal and external cybersecurity resources. Our management team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal personnel threat intelligence and other information obtained from governmental, public or private sources, and alerts and reports produced by security tools deployed in the IT environment.

Company Information