CALAVO GROWERS INC 10-K Cybersecurity GRC - 2026-01-14

Page last updated on January 14, 2026

CALAVO GROWERS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-01-14 17:11:09 EST.

Filings

10-K filed on 2026-01-14

CALAVO GROWERS INC filed a 10-K at 2026-01-14 17:11:09 EST
Accession Number: 0001104659-26-003786

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy Cybersecurity risk is managed within our broader enterprise risk management program , which includes common methodologies for identifying and evaluating legal, compliance, operational, financial, and strategic risks. Cybersecurity risks are evaluated in this context to ensure that potential impacts on operations, supply chain continuity, food safety systems, and financial reporting are appropriately considered. We assess our cybersecurity program using the National Institute of Standards and Technology Cybersecurity Framework ("NIST CSF") 2.0 as a reference model. In fiscal 2025, we engaged an independent third-party cybersecurity firm to conduct a comprehensive gap assessment against NIST CSF 2.0 baseline practices. Our assessment of our cybersecurity program has identified specific improvement opportunities in incident response capabilities, business continuity and disaster recovery planning, infrastructure modernization, and security monitoring. We are actively implementing a multi-year cybersecurity enhancement program to address these findings and strengthen our cybersecurity posture across all NIST CSF core functions: Govern, Identify, Protect, Detect, Respond, and Recover. Our cybersecurity program incorporates a multi-layered approach that includes the following elements: ● Employee awareness and training : We conduct regular phishing simulations, periodic information security briefings at management meetings, and mandatory annual training for all employees, including training supported by our KnowBe4 platform, to promote awareness of common and emerging threats. ● Security tools and technical safeguards : We maintain technical safeguards that include multi-factor authentication, endpoint detection and response technology, email filtering, encryption, and continuous monitoring of network activity across our environments. ● Third party risk management : We evaluate cybersecurity risks related to service providers, suppliers, and vendors with access to systems or data through questionnaires, contract provisions, and periodic reviews. Certain third parties, including customers, require Calavo to complete their own cybersecurity assessments, and we likewise assess applicable cybersecurity practices for third party providers that support our operations. ● Vulnerability management : We use internal and external resources to conduct periodic scanning and assessments of our environment. We also periodically engage independent cybersecurity firms to perform penetration testing. Our most recent third-party penetration test was completed in 2024. Testing frequency is expected to increase as part of our cybersecurity program enhancement plan. ● Managed detection and incidence response : We use managed detection and response services and advanced endpoint monitoring tools to identify potential cybersecurity events. We maintain an incident response plan that includes procedures for detection, escalation, containment, investigation, and remediation. The plan identifies a cross-functional Security Incident Response Team. Calavo is in the process of expanding documented procedures, playbooks, and testing activities, consistent with recommendations from our third-party assessors. We periodically review risks identified through assessments, monitoring activities, reports from employees, and input from third party experts. In prioritizing cybersecurity risks, we consider likelihood and potential severity, including possible impacts on operations, food safety systems, financial reporting systems, customers, employees, and suppliers. We are implementing enhanced business continuity and disaster recovery capabilities, including multi-region architecture for critical cloud-hosted systems, to reduce recovery time objectives and improve organizational resilience to cyber incidents and other disruptions. As of the date of this report and based on information currently known to us, Calavo is not aware of any cybersecurity threats or incidents that have materially affected or are reasonably likely to materially affect us, including our business strategy , results of operations, or financial condition. Additional information regarding cybersecurity-related risks is included in Item 1A. Risk Factors of this Form 10-K. Governance The Board oversees cybersecurity risk as part of its overall risk oversight responsibilities. The Audit Committee receives periodic updates from our Director of Information Technology regarding cybersecurity risks, threat activity, program maturity, significant projects, and the status of program enhancements. These updates occur at least quarterly, with additional updates provided as needed based on significant developments or incidents. Management is responsible for the implementation and operation of our cybersecurity program. Our Director of Information Technology has primary responsibility for day-to-day information security management and is supported by internal information technology personnel and external cybersecurity service providers. Our Director of Information Technology has more than 33 years of progressive experience in information technology, including over 24 years supporting technology and operational systems in the agricultural industry. He holds a Bachelor of Business Administration from De La Salle University in the Philippines and has maintained professional certifications as a Certified Novell Engineer and a Microsoft Certified Systems Engineer. The information technology organization includes personnel with experience in systems engineering, infrastructure management, network operations, and incident response. Management provides regular updates to the Audit Committee regarding significant cybersecurity developments, including results of internal and third-party assessments, implementation progress on enhancement initiatives, and key performance metrics. A cross-functional cybersecurity governance committee has been established to oversee the implementation of the cybersecurity enhancement program and provide executive-level coordination across business functions impacted by cybersecurity initiatives. Management provides regular updates to the Audit Committee regarding significant cybersecurity developments, including results of internal and third-party assessments, implementation progress on enhancement initiatives, and key performance metrics.

Company Information