LOGITECH INTERNATIONAL S.A. 10-K Cybersecurity GRC - 2025-05-23

Page last updated on May 26, 2025

LOGITECH INTERNATIONAL S.A. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-05-23 17:01:15 EDT.

Filings

10-K filed on 2025-05-23

LOGITECH INTERNATIONAL S.A. filed a 10-K at 2025-05-23 17:01:15 EDT
Accession Number: 0001032975-25-000029

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Maintaining people’s trust is of paramount importance for Logitech. Logitech’s security capability is designed to protect the confidentiality, integrity, availability and accessibility of Logitech’s information, digital assets, products and services. Risk Management and Strategy We have established a Security Governance Framework that defines roles and responsibilities, so that security is taken into account at all levels and in every department or function of the Company. Our framework provides guidance for the organization, governance and implementation of security across the company. Logitech and its infrastructure have been certified for compliance with ISO 27001, an international standard for information security management. Identifying and assessing cybersecurity risks is integrated into our enterprise risk management. As part of our risk management program, we continuously assess risks from third parties, including vendors, suppliers, and other business partners associated with our use of third-party service providers. We have implemented incident response and breach management processes that include the following steps: mobilizing the right stakeholders and containing the attack, maintaining trust with all affected stakeholders and understanding the attack, recovering the most critical business operations, and learning from the attack. We also conduct tabletop exercises to, among other things, align activities and expectations in connection with our incident response processes, discuss strategic questions, and review third party recommendations. We have not previously experienced a cybersecurity event that was determined to be material, and our business strategy, results of operations and financial condition have not been materially affected by risks from cybersecurity threats. For additional information regarding risks from cybersecurity threats, please refer to Item 1A “Risk Factors” in this Annual Report on Form 10-K. Logitech International S.A. | Fiscal 2025 Form 10-K | Governance Board of Directors and Board Committees Oversight of Risks from Cybersecurity Threats Logitech’s Board of Directors oversees risk management and reviews Logitech security risks, controls and procedures. The Board of Directors is assisted in its role by each of the Audit Committee and the Technology and Innovation Committee. The Audit Committee is responsible for the oversight of risks from cybersecurity threats. Members of the Audit Committee receive updates on a semi-annual basis from our Chief Information Security Officer (“CISO”) regarding matters of cybersecurity. The Technology and Innovation Committee periodically reviews the Company’s cybersecurity, information security and other technology risks, controls and procedures, including product security and related threats. Finally, the Board has formed a Cyber Crisis Subcommittee tasked with overseeing any future significant cybersecurity crisis. Management’s Role in Assessing and Managing Material Risks from Cybersecurity Threats Our Security Team is responsible for evaluating, reporting and advising about security threats and risks, defining and leading the enterprise security program to protect Logitech business against security threats, maintaining and updating the security framework, monitoring the level of compliance with the security framework across Logitech digital assets, products and services, providing enterprise-wide security services, defining security policies, standards and guidelines, advising on secure architectures, performing assessments and due diligence checks internally and with business partners, providing security guidance for digital projects, creating and deploying security training programs, managing security incidents and breaches, and conducting threat intelligence and managing vulnerabilities. Our Security Team also monitors security through the entire software and product development lifecycle. The Head of Application and Product Security is accountable for the release or deployment approval of a product based upon the review of internal and external validation (functionality, performance, security) reports. The Security Team, which is part of the Digital Office organization, is led by the CISO , who has 20 years of security experience across different industries. The CISO reports to our Head of Digital Office, who has more than 20 years of experience leading software and infrastructure teams, including over a decade in the cybersecurity industry. Our security is managed based on industry-leading standards such as ISO 27001, National Institute of Standards and Technology (NIST), Center for Internet Security (CIS), Open Worldwide Application Security Project (OWASP) Application Security Verification Standard (ASVS) and the Software Assurance Maturity Model (SAMM). Our CISO and the Head of Digital Office regularly report on cybersecurity to the Audit Committee and/or the Technology and Innovation Committee and the Board of Directors .

Company Information