Holley Inc. 10-K Cybersecurity GRC - 2024-03-14

Page last updated on April 11, 2024

Holley Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-14 16:08:03 EDT.

Filings

10-K filed on 2024-03-14

Holley Inc. filed an 10-K at 2024-03-14 16:08:03 EDT
Accession Number: 0001437749-24-007848

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Holley recognizes the importance of maintaining the safety and security of our information systems and data and has risk-based processes in place for overseeing and managing material risks from cybersecurity threats. Our cybersecurity program, which is further described below, is supported by our information technology team, management and our board of directors. Additionally, our cybersecurity processes and reporting structure are incorporated into our enterprise risk management program, which addresses both the corporate information technology environment and customer-facing products. We will continue to invest in the security and resiliency of our networks and to enhance our internal controls and processes, which are designed to help protect our systems and infrastructure, and the information they contain. Management s Role Holley s information technology team, which is responsible for developing and implementing our cybersecurity program, currently operates under the oversight of our Chief Financial Officer ( CFO ). The CFO is generally responsible for managing risks from cybersecurity threats, as well as overseeing the safeguarding and fortification of our networks and systems. With a proven track record in developing and leading data science teams, the CFO’s expertise in business, finance and technology enables him to guide the team in making strategic information technology investments that strike a balance between growth opportunities, risk mitigation and return on investment. The information technology team is comprised of cybersecurity professionals with broad experience and expertise, including in cybersecurity threat assessments and detection, mitigation technologies, cybersecurity training, incident response, penetration testing processes and methodologies, and risk communication and reporting. Currently, an Interim Chief Information Officer ( CIO ) is overseeing our cybersecurity program as we proceed with an executive search to appoint a permanent CIO. Going forward, the CIO will be responsible for the management and oversight of Holley s cybersecurity program. Board Oversight Our board of directors, in coordination with the Audit Committee, oversees Holley s enterprise risk management activities, including the management of risks from cybersecurity threats. Our Audit Committee directly oversees our cybersecurity program. The Audit Committee receives updates, biannually or more frequently, as needed, from management on the Company s cyber risk management processes, including reports on risk trends related to cybersecurity. If a cybersecurity incident is identified, the information technology team, in conjunction with management, will take appropriate actions to mitigate and remediate the incident in a timely manner. Management will determine the materiality of the incident and inform the Audit Committee, as appropriate. Technical Safeguards and Continuous Monitoring As part of our cybersecurity program, we regularly assess and deploy technical safeguards designed to protect our information systems from cybersecurity threats. Such safeguards are regularly evaluated and improved based on vulnerability assessments, cybersecurity threat intelligence and incident response experience. We utilize data analytics to detect anomalies and search for cyber threats. Our cybersecurity processes include a continuous monitoring system which supports comprehensive cyber threat detection and response capabilities and complements the technology, processes and threat detection techniques we use to monitor, manage and mitigate cybersecurity threats. Cyber partners are a key part of Holley s cybersecurity infrastructure. We partner with leading cybersecurity companies, leveraging third-party technology and expertise. We engage with these partners to monitor and maintain the performance and effectiveness of products and services that are deployed in our environment. Training and Awareness We provide awareness training to our employees to help identify, avoid and mitigate cybersecurity threats. Our employees with network access participate annually in required training, including privacy and security training designed to enhance employee awareness of how to detect and respond to cybersecurity threats. We have also developed a program for staging incident response drills to prepare support teams in the event of a significant incident. Third-Party Risk Management Our information technology team is responsible for identifying and managing any cybersecurity threats that occur with our vendors and suppliers. The team communicates with our suppliers and vendors and relies on them to apprise Holley of any cybersecurity issues. W e have not identified risks from cybersecurity threats that have materially affected us, including our financial position, results of operations, cash flows, or reputation, although certain risks, if realized, are reasonably likely to materially affect us. For more information regarding the risks we face from cybersecurity threats and how those risks could affect us, please see Item 1A. Risk Factors. 32 Table of Contents

Company Information