ROGERS CORP 10-K Cybersecurity GRC - 2025-02-26

Page last updated on July 27, 2025

ROGERS CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-26 16:21:41 EST.

Filings

10-K filed on 2025-02-26

ROGERS CORP filed a 10-K at 2025-02-26 16:21:41 EST
Accession Number: 0000084748-25-000026

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Safeguarding our information technology systems, intellectual property, and the confidential information and personal data that customers, suppliers, business partners, employees and others share with us is a critical concern for our business. As such, we have processes in place to assess, identify, and manage material cybersecurity threats and incidents. Key to these efforts is our cybersecurity risk management program (the “Cybersecurity Program”). We aim to incorporate industry best practices throughout our Cybersecurity Program. It is founded on the NIST’s Cybersecurity Framework (Identify, Protect, Detect, Respond and Recover) and includes elements of ISO 27001 standards, NIST SP 800-171 guidance, the ISO, and other applicable industry standards for protecting controlled unclassified information. The Cybersecurity Program also incorporates preventative, detective and corrective controls to identify relevant cyber risks. The controls are tested and evaluated on a regular basis and include the following controls: network and endpoint protection technologies that are designed to block and detect security events at the perimeter and within our networks; evaluation and monitoring of detected security events; and 17 documented incident response actions and procedures. In addition to internal assessments, third party security firms perform annual risk reviews to evaluate and assess the Cybersecurity Program. We regularly remind employees of the importance of handling and protecting customer and employee data, including through periodic security training to enhance employee awareness of how to detect and respond to cybersecurity incidents. We also conduct tabletop exercises to simulate response plans to various cybersecurity incidents. Our team of cybersecurity professionals then collaborate with relevant stakeholders within our Company to evaluate and adjust our detection and mitigation strategies. We impose security requirements upon our suppliers, including maintaining an effective security management program, abiding by information handling and asset management requirements; and notifying us in the event of any known or suspected cyber incident. Our CIDO is responsible for leading the Cybersecurity Program, which is coordinated and primarily executed by our Director of Information Security and Compliance. Our Board of Directors, primarily through the Audit Committee, oversees our enterprise risk management program, including cybersecurity risks. The enterprise risk management program is utilized in making decisions with respect to our Company’s priorities, resource allocation, and oversight structures. Our CIDO and/or Director of Information Security and Compliance deliver updates on the Cybersecurity Program to our Board of Directors semi-annually, including with respect to significant projects and initiatives. These updates consist of a report to the full Board of Directors and to the Audit Committee, and cover a wide range of topics, including evolving regulations and standards, vulnerability assessments, mitigation strategies, third-party and independent reviews, the evolving threat environment, technological and industry trends, and information security considerations arising with respect to our Company’s peers and other third parties. Our CIDO and/or Director of Information Security and Compliance will also provide reports of material cybersecurity incidents or other relevant developments to our Board of Directors and Audit Committee as and when needed. Furthermore, our CIDO and/or Director of Information Security and Compliance provide periodic updates to our senior management regarding cybersecurity risks, as well as interim updates during regular meetings with our leadership team. For a discussion regarding risks from cybersecurity threats that have or are reasonably likely to materially affect our Company, see the risk factor titled “A significant disruption in, or breach in security of, our information technology systems or violations of data protection laws could materially adversely affect our business and reputation” in “Item 1A. Risk Factors” of this Annual Report on Form 10-K. 18

Company Information