Outdoor Holding Co 10-K Cybersecurity GRC - 2025-06-16

Page last updated on June 17, 2025

Outdoor Holding Co reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-06-16 17:31:20 EDT.

Filings

10-K filed on 2025-06-16

Outdoor Holding Co filed a 10-K at 2025-06-16 17:31:20 EDT
Accession Number: 0000950170-25-086893

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C . CYBERSECURITY Risk Management and Strategy As a publicly traded e-commerce outdoor company, we are acutely aware of the importance of robust cybersecurity measures in safeguarding our information assets, operational integrity, and reputation. Our approach to cybersecurity risk management is integrated into our broader risk management framework and overseen by our Board of Directors. We have established comprehensive processes to assess, identify, and manage material risks from cybersecurity threats. These processes include continuous evaluation of potential threats, regular security assessments of third-party service providers, and stringent monitoring procedures to mitigate risks related to data breaches and other security incidents. We periodically engage third-party consultants, legal advisors, and audit firms to evaluate and assess our risk management systems and to assist in the remediation of potential cybersecurity incidents, as necessary. Our Information Security Program (the “Program”) is designed to protect personal and proprietary information in compliance with federal and state requirements. The Program aims to: - ensure the security and confidentiality of employee and customer personal information, as well as Company proprietary information; - protect against anticipated threats or hazards to the security or integrity of such information; and - prevent unauthorized access to, use of, or transfer of such information, thereby protecting the Company, its employees, and customers from potential harm or inconvenience. We use a variety of tools and services, including network monitoring, vulnerability assessments, and tabletop exercises, to enhance our cybersecurity posture. Our incident response plan is comprehensive, detailing procedures for preparing for, detecting, responding to, and recovering from cybersecurity incidents. This plan includes processes for triaging, assessing the severity of, escalating, containing, investigating, and remediating cybersecurity incidents, while ensuring compliance with relevant legal obligations. In addition to internal measures, we manage cybersecurity risks associated with third-party suppliers, particularly those with access to our systems or confidential data. We perform due diligence on critical third-party suppliers and monitor identified cybersecurity threats. We require these suppliers to contractually agree to manage their cybersecurity risks according to our standards or to submit to cybersecurity audits conducted by our agents. We regularly engage third-party experts to conduct information security testing, including penetration testing, on our systems and infrastructure. The Program undergoes periodic external assessments aligned with the National Institute of Standards and Technology Cybersecurity Framework and the Payment Card Industry Data Security Standard. This alignment helps us identify, assess, and manage cybersecurity risks relevant to our business. Governance Our Board of Directors oversees our cybersecurity risk management. Directors receive reports as requested from management, including senior IT leadership and third parties, on cybersecurity matters. Additionally, the Board of Directors is kept informed about cybersecurity risks as part of our overall enterprise risk management program and through regular business updates. Senior IT leaders and compliance officer are responsible for developing and implementing appropriate cybersecurity programs and ensuring our compliance with applicable laws and regulations. These leaders, equipped with relevant degrees, certifications, and extensive work experience, are informed by their cybersecurity teams about ongoing efforts to prevent, detect, mitigate, and remediate cybersecurity incidents. Information regarding cybersecurity risks is communicated through various channels, including direct discussions between key leaders and Company management, and reports to the Board of Directors and its committees. The Board of Directors regularly receives updates from our compliance officer and senior IT leadership on the status of our cybersecurity measures and any significant developments. 24 Our commitment to cybersecurity is a fundamental aspect of our operational strategy, ensuring the protection of our information assets, the continuity of our operations, and the trust of our stakeholders. We have experienced cybersecurity incidents in the ordinary course of business and will continue to experience risks from cybersecurity threats that could have a material adverse effect on our business strategy, results of operations, or financial condition. Although prior cybersecurity incidents have not had a material adverse effect on our business strategy, results of operations, or financial condition to date, any actual or perceived breach of our security could damage our reputation, adversely affect our operations, or subject us to third-party lawsuits, regulatory investigations and fines or other actions or liabilities, any of which could materially adversely affect our business strategy, results of operations, or financial condition. For more information on our cybersecurity related risks, see “Breaches of our information systems could adversely affect our reputation, disrupt our operations, and result in increased costs and loss of sales.” and “A failure of our information technology systems, or an interruption in their operation due to internal or external factors including cyber-attacks, could have a material adverse effect on our business, financial condition or results of operations.” in Item 1A “Risk Factors” of this Annual Report.

Company Information