CORE MOLDING TECHNOLOGIES INC 10-K Cybersecurity GRC - 2024-03-12

Page last updated on April 11, 2024

CORE MOLDING TECHNOLOGIES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-12 12:40:10 EDT.

Filings

10-K filed on 2024-03-12

CORE MOLDING TECHNOLOGIES INC filed an 10-K at 2024-03-12 12:40:10 EDT
Accession Number: 0001026655-24-000030

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk management and strategy The Company maintains a cyber risk management program designed to assess, identify, manage, mitigate, and respond to cybersecurity threats and incidents. The cyber risk management program is integrated into the Company s overall enterprise risk management ( ERM ) program. The ERM program is designed to provide cross-functional board and executive insight across the business to identify and monitor risks, opportunities and emerging trends that can impact the Company s strategic business objectives. The Company also maintains several processes intended to safeguard our information systems, protect the integrity of our data and respond to cybersecurity incidents. These processes include a formal information security training program for all employees, training on matters such as phishing and email security best practices, annual disaster recovery exercises, targeted access controls, and multi-factor authentication logins. The Company maintains a cybersecurity incident response process to help ensure a timely and consistent response to actual or attempted cybersecurity incidents impacting the Company. The Company engages third-party service providers to aid in monitoring and safeguarding critical assets from cybersecurity attacks. Through these partnerships, the Company leverages specialized knowledge, insights, and practices to enhance the effectiveness of its cybersecurity strategies. Key third-party services include 24/7 active and passive monitoring and mitigation of the Company s network, endpoints, and data. Additionally, the Company has contractual obligations in place with third-party service providers to adhere to specific information security standards and to promptly notify and collaborate with management in the event of qualifying cybersecurity incidents. As of the date of this Annual Report on Form 10-K, the Company is not aware of any cybersecurity incidents that have had, or are reasonably likely to have, a material impact on our business or operations. However, due to the evolving nature of cyber threats and their increased sophistication, there remains the potential for adverse impacts on the Company should a cybersecurity incident occur. These impacts could include reputational damage, competitive harm, operational disruptions, financial costs, and regulatory actions. Please refer to the risk factor titled “Cybersecurity attacks may threaten our confidential information, disrupt operations and result in harm to our reputation and adversely impact our business and financial performance.” See Part I, Item 1A for further information regarding cybersecurity risks and potential impacts on our business and results of operations. Governance Management’s responsibility The Company s senior executive team, which includes our Director of Information Systems, is responsible for providing input and oversight of our ERM program, including assessing and managing our material risks from cybersecurity threats. The senior executive team is informed about and oversees the prevention, detection, mitigation, and remediation of cybersecurity incidents through their management of, and participation in, our cybersecurity risk management and strategy 18 Table of Contents processes. The senior executive team provides an in-depth annual report and quarterly updates on our enterprise risks, including cybersecurity risks, to present to the full Board. Board oversight While management is responsible for the day-to-day management of cybersecurity risks, our Board maintains principal oversight responsibility for our enterprise risk management, including cybersecurity. The Board has responsibility for, among other things, oversight of the Company s information technology and cybersecurity processes and procedures, including oversight of risks from cybersecurity threats and the steps management has taken to monitor and mitigate such risks. The Board reviews and discusses with management, at least annually: the adequacy and effectiveness of our information technology security processes and procedures, the assessment of risks and threats to our information technology systems, the internal controls regarding information technology security and cybersecurity, and the steps management has taken to monitor and mitigate information technology security and cybersecurity risks and to remediate the effects of any cybersecurity incidents that may occur.

Company Information