Page last updated on December 18, 2025
Leslie's, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-12-18 09:00:48 EST.
Filings
10-K filed on 2025-12-18
Leslie's, Inc. filed a 10-K at 2025-12-18 09:00:48 EST
Accession Number: 0001193125-25-323811
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity We have implemented and continue to maintain a robust cybersecurity program intended to assess, identify, and manage risks from cybersecurity threats that may result in material adverse effects on the confidentiality, integrity, and availability of our information systems and the data residing therein. Our board of directors, with assistance from the audit committee, oversees the Company's management of risks arising from cybersecurity threats. The audit committee regularly reviews the measures implemented by the Company to help identify and mitigate risks from cybersecurity threats. As part of such reviews, the audit committee receives reports and presentations from the CIO and members of our team responsible for overseeing the Company's cybersecurity risk management, including our legal team, which may address a wide range of topics. This includes recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, compliance, privacy, technological trends and information security considerations arising with respect to the Company's peers and third parties. The audit committee also reports to the board of directors at least annually on cybersecurity matters. We have an incident response plan under which certain cybersecurity incidents are escalated within the Company to senior executives on the cybersecurity risk management committee, and, where appropriate, reported to the board of directors and audit committee in a timely manner. At the management level, our cybersecurity risk management committee, comprised of senior executives representing functional and business areas, including our legal team, has broad oversight of the Company's risk management processes. Members of the Company's cybersecurity risk management committee includes certain IT leadership and the General Counsel . The committee meets regularly to discuss the risk management measures implemented by the Company to help identify and mitigate data protection and cyber security risks. Certain IT leadership and the General Counsel attend each cybersecurity risk management committee meeting to report on ongoing cybersecurity matters. Our IT leadership also works closely with our legal team to oversee compliance with legal, regulatory and contractual security requirements. Our CIO, Vice President of Infrastructure and Security, IT Security Director, and cybersecurity engineers have knowledge and experience to effectively implement, monitor, and maintain our cybersecurity posture. This team receives reports on cybersecurity threats from various business teams, and in conjunction with management, regularly reviews risk management measures implemented by the Company to help identify and mitigate data protection and cybersecurity risks. Our cybersecurity processes include automated tools and technical safeguards managed and monitored by our cybersecurity team and include mechanisms, controls, technologies, systems, and other processes designed to prevent or mitigate data loss, theft, misuse, or other security incidents or vulnerabilities affecting the data and maintain a stable information technology environment. For example, we regularly conduct penetration and vulnerability testing, security audits, and tabletop exercises. We conduct regular employee training on cybersecurity and provide management reports to monitor training effectiveness. We also employ systems and processes designed to oversee, identify, and reduce the potential impact of a security incident at a third-party vendor, service provider or customer that otherwise implicates third-party technology and systems we use. In addition, we consult with outside advisors and experts, when appropriate, to assist with assessing, identifying, and managing cybersecurity risks, including to anticipate future threats and trends, and their impact on the Company's risk environment. Cybersecurity threats continue to evolve. We consider cybersecurity threats along with other significant risks that we face within our overall enterprise risk management framework. In the last fiscal year, we have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us. However, cybersecurity attack techniques change frequently, and with increased volume and sophistication of such attacks, there can be no guarantee that we will not be the subject of future successful attacks, threats or incidents that could materially affect us. Additional information on cybersecurity risks we face can be found in Part I, Item 1A "Risk Factors" of this Annual Report on Form 10-K.
Company Information
| Name | Leslie's, Inc. |
| CIK | 0001821806 |
| SIC Description | Retail-Retail Stores, NEC |
| Ticker | LESL - Nasdaq |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | October 3 |