PHOTRONICS INC 10-K Cybersecurity GRC - 2025-12-17

Page last updated on December 17, 2025

PHOTRONICS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-12-17 14:22:38 EST.

Filings

10-K filed on 2025-12-17

PHOTRONICS INC filed a 10-K at 2025-12-17 14:22:38 EST
Accession Number: 0001140361-25-045801

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management Strategy Securing the Company's business information, customer, supplier, and employee data and information technology systems is an important part of our overall risk management framework. We rely on certain key information technology systems, some of which are dependent on services provided by third parties, including cloud vendors, for various business functions necessary to operate and manage our business. We select key third-party service providers based on several factors, including the type of data processed and the nature of services offered, and we oversee such key third-party service providers by conducting vendor diligence upon onboarding and ongoing monitoring, including a review of SOC-1 reports on an annual basis. We have adopted processes, guided by the Center for Internet Security (CIS) Cybersecurity Framework, designed to identify, assess and manage material risks from cybersecurity threats. Those processes include response to and an assessment of internal and external threats to the security, confidentiality, integrity and availability of our data and information systems, along with other material risks to our operations. We have implemented controls, such as Multi-Factor Authentication (MFA) and endpoint detection and response (EDR) solutions, to help govern the processes put in place by management designed to protect our IT assets, data, and services from threats and vulnerabilities. Furthermore, we maintain a formal, Incident Response Plan (IRP) and conduct mandatory, ongoing security awareness training for all employees. Although, to date, we have not experienced a material cybersecurity incident resulting in a significant interruption of our operations, the scope of any future incident cannot be predicted with any meaningful accuracy. See "Item 1A. Risk Factors" for more information. Governance Management is responsible for the day-to-day management of the risks we face, while our Board of Directors has ultimate responsibility for the oversight of risk management, including risks from cybersecurity threats. The Board of Directors has delegated primary oversight of cybersecurity risk to the Cyber Security Risk Management Committee. The Committee, in turn, ensures its members either possess or have access to relevant cybersecurity and risk management expertise to effectively challenge and guide management's program. The Committee regularly assesses how management is managing these risks and reports on its activities to the full Board of Directors at least quarterly to promote effective coordination and ensure the entire Board remains apprised of the cybersecurity risk landscape and the program's effectiveness. The day-to-day cybersecurity program is led by the Company's Vice President, IT Infrastructure & Information Security. This role is supported by a dedicated security team and reports directly to the Chief Executive Officer. The Vice President, IT Infrastructure & Information Security provides formal, quarterly updates to the Cyber Security Risk Management Committee. These updates cover cyber risk management governance, the status of ongoing efforts to strengthen cybersecurity effectiveness, key risk metrics and the material outcomes of risk assessments, and significant cybersecurity-related news events impacting the industry. In addition to scheduled reports, the Board of Directors engages in ad hoc conversations with management to discuss any significant updates to our cybersecurity risk management and initiatives, particularly in response to emerging threats.

Company Information