SUPERIOR GROUP OF COMPANIES, INC. 10-K Cybersecurity GRC - 2026-03-03

Page last updated on March 3, 2026

SUPERIOR GROUP OF COMPANIES, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-03-03 17:06:14 EST.

Filings

10-K filed on 2026-03-03

SUPERIOR GROUP OF COMPANIES, INC. filed a 10-K at 2026-03-03 17:06:14 EST
Accession Number: 0001437749-26-006653

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We recognize the increasing volume and sophistication of cyber threats and take our responsibility to protect the information and systems under our purview seriously. We consider cybersecurity threat risks alongside other Company risks as part of our overall risk assessment process. Our cybersecurity processes aim to provide a comprehensive approach to assess, identify, manage, mitigate, and respond to cybersecurity threats. We maintain a cybersecurity risk program predicated on a risk-based approach. We use cost-effective controls that are commensurate with the risk and sensitivity of our specific information systems, control systems, and enterprise data. Our cybersecurity program incorporates best practices and industry standards from multiple sources and is designed to comply with applicable regulations. The cybersecurity program includes, but is not limited to, risk assessment, policies and procedures, training and awareness, auditing, log collection and analysis, threat hunting and intelligence surveillance, compliance monitoring and testing, and incident response. Our internal professionals collaborate with external subject matter specialists, as necessary. All third parties engaged for such matters are subjected to scrutiny to ensure they satisfy our security standards. We periodically review our third-party engagements to ensure that the providers maintain the necessary levels of protection and competency, as well as to oversee and identify potential cybersecurity risks and/or threats from such engagements. In addition, our cybersecurity program operates within a continuous-improvement model intended to ensure long-term effectiveness and resiliency. This includes periodic internal reviews and assessments of our controls, follow-up on corrective actions, incorporation of lessons learned from incidents, and evaluation of emerging threats and technologies. These activities support ongoing enhancements to our processes and help ensure that our cybersecurity capabilities evolve alongside changes in our operating environment and the broader threat landscape. We describe how risks from cybersecurity threats could materially affect us, including our business strategy, results of operations, or financial condition, as part of our risk factor disclosures at Part I, Item 1A, "Risk Factors" of this Annual Report on Form 10-K . Cybersecurity Governance Cybersecurity is an important part of our risk management processes and an area of focus for our Board and management. Our Board and its Audit Committee are responsible for oversight of our cybersecurity risk, including the effectiveness of cybersecurity risk management policies and protocols, while our Chief Information Officer (CIO), who has over 20 years of technology and security leadership experience across public, private and private equity backed businesses, is responsible for our cybersecurity strategy and execution. Supporting the CIO is our Head of IT Security and Infrastructure, who has over 8 years of security and infrastructure leadership experience and holds a CISSP certification, and is also responsible for cybersecurity strategy and execution as well as managing day-to-day security operations, monitoring threat activity, and coordinating incident response across the organization. As part of the Board's oversight, the Audit Committee, which is comprised entirely of independent directors, receives quarterly reports from executive management about the prevention, detection, mitigation, and remediation of cybersecurity incidents. The Board receives at least an annual report from executive management. Additionally, we have processes by which a cybersecurity incident would be escalated internally and, when appropriate, reported to the Board (or appropriate committee), as well as for updating the Board regarding such incident until it has been resolved.

Company Information