GENCOR INDUSTRIES INC 10-K Cybersecurity GRC - 2025-06-27

Page last updated on June 27, 2025

GENCOR INDUSTRIES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-06-27 12:43:01 EDT.

Filings

10-K filed on 2025-06-27

GENCOR INDUSTRIES INC filed a 10-K at 2025-06-27 12:43:01 EDT
Accession Number: 0001193125-25-150836

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C CYBERSECURITY Risk Management and Strategy Our information technology, communication networks, enterprise applications, and related systems are necessary for our operations. We use these systems to manage our production, engineering drawings, customer and vendor relationships, for internal communications, for payroll and accounting to operate record-keeping functions, and for many other key aspects of our business. Our business operations rely on the secure collection, storage, transmission, and other processing of proprietary, confidential, and sensitive data. We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third-party hosted services , communications systems, hardware and software, and our critical data. Our cybersecurity risk management program is included in our overall enterprise risk management program. Key elements of our cybersecurity risk management program include: - the formalization and implementation of information security policies which include encryption standards, antivirus protection, vulnerability management, multifactor authentication, granting and removing of access, confidential information, and credential standards; - the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls including vulnerability assessments and penetration tests; - cybersecurity awareness training of our employees; - enhancement of segregation of duties to mitigate the risk of self-review of transactions within the system; and - revision of user access request documentation to clearly define the roles and permissions assigned to users. We have been, and expect to continue to be, subject to cybersecurity risks and incidents related to our business. To date, risks from cybersecurity threats have not materially affected our operations. We currently do not expect that the risks from cybersecurity threats are reasonably likely to materially affect us. However, as discussed further under “Item 1A - Risk Factors”, cyber threats continue to increase. Preventative actions we take to reduce the risk of cyber incidents and protect our systems and information may be insufficient. Accordingly, no matter how well designed or implemented our controls are, we will not be able to anticipate all security breaches of these types, including security threats that may result from third parties improperly employing artificial intelligence technologies, and we may not be able to implement effective preventive measures against such security breaches in a timely manner. Governance Our Board of Directors has overall oversight responsibility for our enterprise risk management program and delegates cybersecurity risk management oversight to the Audit Committee of the Board of Directors . Our Chief Financial Officer and IT Manager are responsible for identifying, considering and assessing cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures, maintaining cybersecurity programs, and remediating any potential cybersecurity incidents. The Audit Committee receives updates from our Chief Financial Officer on, among other things, our cybersecurity risks and the status of any projects to strengthen our information security systems and assessments of our cybersecurity program. At meetings of the Board of Directors, the Chairman of our Audit Committee has the opportunity to report on cybersecurity risks and related mitigation efforts. Our IT Manager has been with the Company for over a decade, and maintains various certifications in information technology and information security subjects. Our Chief Financial Officer holds a BS in Finance and Management and an MBA, has over 30 years of financial management experience, and has over 13 years of experience managing risks at the Company, including risks arising from cybersecurity threats.

Company Information