LITTELFUSE INC /DE 10-K Cybersecurity GRC - 2026-02-19

Page last updated on February 19, 2026

LITTELFUSE INC /DE reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-19 13:50:13 EST.

Filings

10-K filed on 2026-02-19

LITTELFUSE INC /DE filed a 10-K at 2026-02-19 13:50:13 EST
Accession Number: 0001628280-26-009585

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY. Risk management and strategy The cybersecurity and data protection program at Littelfuse is based on foundational principles outlined in applicable industry and internationally accepted-cybersecurity frameworks. The Company has experienced and will continue to experience cyber-attacks, attempts to breach its systems, and other similar incidents, however we do not believe that the prior cyber incidents have materially affected or are reasonably likely to materially affect the Company . Littelfuse faces risks from cybersecurity threats that could have a material adverse effect on its business, financial condition, results of operations, cash flows, or reputation. Like all cybersecurity programs, there is no guarantee that every attack method and technique has been fully addressed, as these change constantly, but Littelfuse is diligent in its attempts to protect data of the Company and its stakeholders. Littelfuse strives to assess and update its cybersecurity program on a regular basis using an Information Security Management System ("ISMS") comprised of three main elements - 1) independent internationally recognized vendors and technologies for assessments and monitoring , 2) strong internal controls based on industry standards, and 3) Board and Senior Leadership governance and support. The ISMS within Littelfuse consists of internationally recognized program elements that reduce the risk of an operational or cybersecurity incident from significantly impacting Littelfuse and its customers, vendors, and employees. These ISMS elements include but are not limited to: Security Awareness and Training - Littelfuse has an IT security awareness program consisting of training on the fundamentals of information security protection. These training courses are provided annually. Network Protection - Network protection, detection, and monitoring technologies have been deployed on all external and internal network connections to segment different sections of the business from each other to strengthen key protection capabilities. Identity and Access Management ("IAM") - Littelfuse has implemented user authentication controls on its systems, devices, data, and applications. In addition, multi-factor authentication is implemented for all personnel who remotely access or have privileged account access to Littelfuse systems and networks. Data Classification and Protection - Littelfuse has implemented data loss prevention and classification labels and encryption on its internal unstructured data to prevent unauthorized data loss and data sharing. Structured data in ERP systems and core business systems are encrypted and protected by industry cybersecurity standards and procedures. Endpoint Protection - Littelfuse has implemented anti-virus, malware, and endpoint protection management detection and monitoring solutions on end-user devices and servers. Logs and alerts from these monitoring solutions are routed to independent third-party monitoring vendors that provide 24/7 monitoring, around the world. Threat and Vulnerability Management - Littelfuse uses an internationally recognized managed security services provider ("MSSP") and technologies to collect security alert and audit logs on a 24/7 basis, monitor and assess latest threat intelligence, provide analysis on new identified potential vulnerabilities, and provide response and support services to rapidly reduce any identified vulnerabilities. Security Incident Management - Security incident response plans and procedures have been developed in collaboration with our MSSP. They allow us to assess potential threats, first and second level notification and response protocols, and supporting notification protocols - both internally and externally. These plans, procedures, and protocols are tested and updated on a regular basis. Resiliency and Contingency Planning - Risk assessments are performed on a regular basis to assess the IT risk of single points of failure, security maturity, and security vulnerabilities. The results of these assessments are used to define various resiliency and contingency mitigation strategies, corrective action plans, on-site and remote data back-up strategies and technologies and allocation of IT resources. Assessments and testing - Littelfuse engages third party specialists to conduct periodic assessments and testing of our policies, standards, processes, and practices that are designed to address cybersecurity threats. These efforts include tabletop exercises, risk assessments, vulnerability testing, and other exercises focused on evaluating the effectiveness of our cybersecurity program. We adjust our cybersecurity program where appropriate based on the internal and external assessments and testing results. Governance The Audit Committee of the Board of Directors is tasked with overseeing the Company's cybersecurity program as a part of its broader compliance oversight mandate. The Company's Chief Information Officer ("CIO") and Chief Information Security Officer ("CISO") are responsible for its cybersecurity program and regularly provide updates to the Littelfuse Executive Leadership Team ("ELT") and the Audit Committee, as well as the full Board, which include information regarding our cybersecurity program initiatives, insurance coverage, acquisition integration processes, program performance as well as the maturity of the Littelfuse cybersecurity program. These cybersecurity maturity updates are based on cybersecurity maturity reporting and analysis by the Littelfuse internal IT team, as well as reporting provided by independent third parties. The updates help the ELT, the Audit Committee, and the Board to understand the risks the organization faces based on changing cybersecurity threats and on changes to the Littelfuse environment due to factors such as acquisitions and new technology upgrades and improvements. Representatives from Littelfuse's technology team and other business functions receive regular cybersecurity risk reports and use this information for its decision making in operational improvements as well as budget and resource allocations. For the past seven years, the CIO has led and evolved Littelfuse's cybersecurity function. To address growing cyber threats and advance the program further, in 2025 the Company appointed a CISO with over 20 years of information technology and cybersecurity experienc e.

Company Information