KULICKE & SOFFA INDUSTRIES INC 10-K Cybersecurity GRC - 2025-11-20

Page last updated on November 20, 2025

KULICKE & SOFFA INDUSTRIES INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-11-20 08:50:16 EST.

Filings

10-K filed on 2025-11-20

KULICKE & SOFFA INDUSTRIES INC filed a 10-K at 2025-11-20 08:50:16 EST
Accession Number: 0000056978-25-000081

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy We rely on information systems and the data stored on them to conduct our operations. We have adopted and maintain a cybersecurity risk management program , as a subset of our broader enterprise risk management program, which is designed in accordance with our risk profile and business. Our cybersecurity practices are aligned with standard industry frameworks such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework, International Organization for Standardization (ISO) 27001, Center for Internet Security Critical Security Controls and other industry standards. Our cybersecurity risk management program incorporates multiple components, including, but not limited to, policies, guidelines, procedures, infrastructure, and systems that are designed to protect the confidentiality, integrity and availability of our critical systems and information. Elements of our cybersecurity risk management process include, but are not limited to, the following: - Annual cybersecurity risk assessments of critical infrastructure and systems; - Annual vulnerability scans and penetration testing; - Mandatory, bi-annual cybersecurity awareness training for all employees, including phishing exercises; and - An overarching written information security policy and written cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents. We leverage IT service providers to perform penetration testing and support our cybersecurity awareness training program. We oversee cybersecurity risks related to third-party IT cloud service providers who have access to our systems and data. We require certain IT cloud service providers to complete cloud-based cybersecurity assessments. We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, like other companies in our industry, we and our third-party vendors have from time to time experienced cybersecurity threats and other security incidents that have affected our information or systems. We have experienced, and expect to continue to be subject to, cybersecurity threats and incidents, ranging from employee error or misuse to individual attempts to gain unauthorized access to information systems, to sophisticated and targeted measures known as advanced persistent threats, none of which have been material to the Company to date. For additional information on certain risks associated with cybersecurity, including with respect to prior cybersecurity incidents, please refer to " We may be subject to disruptions or failures in our information technology systems and network infrastructures that could have a material adverse effect on us " in Item 1A: Risk Factors . Cybersecurity Governance Our Board of Directors (the "Board") has delegated responsibility for enterprise risk management, including cybersecurity risk oversight, to our Audit Committee (the "Committee") . The Committee receives quarterly information security updates from our Chief Financial Officer and Senior Director of Governance & Information Security (the "Senior Director, GIS"). The Committee in turn reports to the full Board regarding its activities, including those related to cybersecurity, on at least a bi-annual basis. The Senior Director, GIS , who has been a head of information security for close to 15 years and has more than 27 years of overall experience in IT and cyber security industry, holds a Bachelor of Science in Information Technology from Bina Nusantara University and Master of Business Administration from University of Liverpool. He receives support from our operational team which comprises cybersecurity, IT, controllership, and legal professionals who regularly review cybersecurity matters and evaluate emerging threats, as well as act as first responders to triage any cybersecurity incidents. In the event of a cybersecurity incident, the Committee and Board receive updates from this team on an ad-hoc basis, if appropriate, under our tiered escalation support framework.

Company Information