READING INTERNATIONAL INC 10-K Cybersecurity GRC - 2024-03-29

Page last updated on April 11, 2024

READING INTERNATIONAL INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 17:24:17 EDT.

Filings

10-K filed on 2024-03-29

READING INTERNATIONAL INC filed an 10-K at 2024-03-29 17:24:17 EDT
Accession Number: 0000716634-24-000009

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C Cybersecurity RISK MANAGEMENT AND STRATEGY We have implemented a cybersecurity program to address all levels of cybersecurity threats based on our determination of the risk level. Our program includes policies and procedures that dictate the method in which we develop, deploy, and maintain security measures and controls. We use a cybersecurity framework to select security controls to protect against identified risks. When designing the controls, we consider the severity of risk and its impact on the Company, including the cost of the control and the impact it may have on the Company operations. We use various combinations of controls and tools to mitigate the risk to the Company such as firewalls and intrusion devices, endpoint threat detection systems, multi-factor authentication systems, endpoint threat detection systems as well patch management to prevent exploitable vulnerabilities. We utilize third-party cybersecurity firms in various capacities to operate some of these controls, including remote monitoring, cloud-based platforms and services as well as on-premises services. For example, we use third parties to perform a variety of functions for the Company, including, but not limited to cybersecurity audits, targeted ransomware assessment and table-top exercises, internal penetration tests and other internal and external audits. These expert services enable us to leverage specialized knowledge and insights into our cybersecurity strategies and processes. We maintain a written incident response plan and carry out periodic tabletop exercises to improve incident response readiness. Employees undergo security awareness training when hired and periodically thereafter the scope of this training is continually updated to address newly identified threats. We utilize a risk-based approach and analysis to determine the cybersecurity controls to implement, and hence, there is a possibility that these controls may not adequately address every risk if we do not identify or place a high enough risk factor on a given threat. We are at risk of zero-day attacks and other vulnerabilities that may have been placed at a very low risk. In addition, even well-designed and properly deployed controls may not fully eliminate a given risk. CYBERSECURITY THREATS We have not had any cybersecurity incidents that we believe have materially affected or are likely to materially affect the Company. GOVERNANCE . Board Member Guy W. Adams serves as our Lead Technology and Cyber Risk Director. In December 2017, Mr. Adams was recognized as a Governance Fellow for the National Association of Corporate Directors, The Gold Standard Director Credential . In 2018, Director Adams completed the Cyber-Risk Oversight course presented by the National Association of Corporate Directors. - 31 -

Company Information