PILGRIMS PRIDE CORP 10-K Cybersecurity GRC - 2026-02-12

Page last updated on February 12, 2026

PILGRIMS PRIDE CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-12 07:28:22 EST.

Filings

10-K filed on 2026-02-12

PILGRIMS PRIDE CORP filed a 10-K at 2026-02-12 07:28:22 EST
Accession Number: 0000802481-26-000011

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Company maintains a robust cybersecurity infrastructure to safeguard our operations, networks and data through comprehensive security measures including our technology tools, internal management and external service providers. The Company's Chief Information Officer ("CIO") is responsible for assessing, identifying, and managing the risks from cybersecurity threats. Our CIO has significant experience in information technology and many of our information technology team members hold qualifications in technology security positions. We maintain a cross-functional Cybersecurity Committee, as well as a Global Security Committee consisting of the information technology professionals and security managers from each country in which we have operations. We have both policies and procedures that align with the National Institute of Standards and Technology Cybersecurity Framework. Our information security program includes, among other aspects, vulnerability management, antivirus and malware protection, encryption and access control, and employee training. Our CIO, together with our Global Security Committee, reviews emerging threats, controls, and procedures as part of assessing, identifying, and managing risks. Risks identified by our cybersecurity program are analyzed to determine the potential impact on us and the likelihood of occurrence. Such risks are continuously monitored to ensure that the circumstances and severity of such risks have not changed. We also endeavor to apprise employees of emerging risks and require them to undergo regular security awareness trainings and supplemental trainings as needed. Additionally, we conduct periodic internal exercises to gauge the effectiveness of the trainings and assess the need for additional training. At least annually, we engage independent third-party cybersecurity providers for testing and vulnerability detection. We regularly engage with third-party vendors to perform external penetration testing, which identifies potential threats and reduces the impact and/or likelihood of these threats. Our employees perform similar intrusion tests and internal and external scans to help improve and harden the company's security posture. We also conduct security assessments of our IT vendors and certain business partners and maintain cyber incident response plans that are periodically reviewed and updated by our IT Security and Cyber Defense Teams and leveraged table top exercised performed by our IT teams. The incident response plan ties into our Cybersecurity Committee processes for review to ensure the required reporting of material incidents to the Board of Directors, as applicable. Our Board of Directors, primarily through the Audit Committee , oversees management's approach to managing cybersecurity risks as part of its risk management oversight. The Audit Committee holds discussions at least annually with management regarding the Company's guidelines and policies with respect to cybersecurity risks and receives regular reports from the CIO regarding such risks and the steps management has taken to monitor and control any exposure resulting from such risks. Computer viruses, hackers, and employee or vendor misconduct, and other external hazards could expose our data systems and those of our vendors to security breaches, cybersecurity incidents or other disruptions, any of which could materially and adversely affect our ability to conduct our business. The sophistication of cybersecurity threats continues to increase, and the controls and preventative actions we take to reduce the risk of cybersecurity incidents and protect our systems, including the regular testing of our cybersecurity incident response plan, may be insufficient. In addition, new technology that could result in greater operational efficiency may further expose our computer systems to the risk of cybersecurity incidents. While we have experienced cybersecurity incidents, to date, we are not aware of any risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. For more information, see "Item 1A. Risk Factors - We are increasingly dependent on information technology, and our business and reputation could suffer if we are unable to protect our information technology systems against, or effectively respond to, cyber-attacks or other cyber security incidents or breaches, or if our information technology systems are otherwise disrupted."

Company Information