Avery Dennison Corp 10-K Cybersecurity GRC - 2025-02-26

Page last updated on July 27, 2025

Avery Dennison Corp reported its cybersecurity risk management and governance process in an annual 10-K filed on 2025-02-26 13:36:51 EST.

Filings

10-K filed on 2025-02-26

Avery Dennison Corp filed a 10-K at 2025-02-26 13:36:51 EST
Accession Number: 0000008818-25-000003


Item 1C. Cybersecurity.

Cybersecurity Risk Management and Strategy

Our cybersecurity risk management program, which is designed to protect the confidentiality, integrity and availability of our critical systems and information, includes a comprehensive cybersecurity incident response plan. We design and assess our program based on the ISO 27000 and the National Institute of Standards and Technology (NIST) SP-800 and Cybersecurity Framework. We use these frameworks to help us identify, assess and manage cybersecurity risks relevant to our business and do not intend to suggest that we meet any particular technical standards, specifications or requirements.

Our cybersecurity risk management program complements our overall enterprise risk management program, using similar methodologies and governance processes to identify risks and mitigating strategies.

Our cybersecurity risk management program includes risk assessments designed to help identify potentially material cybersecurity risks to our critical systems, information, products and services, as well as our broader enterprise information technology environment; an information technology security team principally responsible for managing our cybersecurity risk assessment processes, security controls and response to any cybersecurity events; the use of third party experts and service providers, where appropriate, to assess, test and otherwise assist with protecting our security environment; cybersecurity awareness training for our employees and further training for our incident response personnel and senior management; a cybersecurity incident response plan that includes procedures for assessing and coordinating our response to cybersecurity events; and a third-party risk management process for service providers, suppliers and vendors.

We have not experienced cybersecurity events that have materially affected our operations, results of operations, or financial condition. However, we face certain ongoing risks from cybersecurity threats that, if realized, would be reasonably likely to materially affect us, including our operations, results of operations, or financial condition. Risks and uncertainties related to cybersecurity are discussed in greater detail under “Risks Related to Information Technology” in Item 1A of this report.

Cybersecurity Governance

Our Board of Directors (our “Board”) considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee primary responsibility for overseeing our cybersecurity risk management program and engaging with management on cybersecurity and other risks related to our information technology controls and security.

Our Information Security Officer (“ISO”) reports directly to our Chief Information Officer (“CIO”), a member of our Company Leadership Team and direct report of our Chief Executive Officer (“CEO”). The CIO and ISO together provide updates and discuss our cybersecurity preparedness with the Audit Committee at least semiannually, which its Chair then reports on to our full Board. Management updates the Audit Committee, if and as needed, regarding any significant cybersecurity events, as well as events that may have had lesser potential impact.

Our cybersecurity leadership team (“CSLT”), which includes leaders accountable for security operations, incident response, risk and compliance, data security, application security, digital solutions security, vulnerability management and operational technology security, is responsible for assessing and managing our risks from cybersecurity threats. The team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our external cybersecurity consultants. Information security personnel maintain a variety of technical and managerial security certifications and have broad security experience in manufacturing, finance, software and information technology environments.

The CSLT supervises our efforts to prevent, detect, mitigate and remediate cybersecurity risks and incidents through a variety of means, which may include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants; and reports from cybersecurity systems deployed in our information technology environment.


Company Information

Name: Avery Dennison Corp
CIK: 0000008818
SIC Description: Converted Paper & Paperboard Prods (No Contaners/Boxes)
Ticker: AVY - NYSE
Website:
Category: Large accelerated filer
Fiscal Year End: December 30