DYCOM INDUSTRIES INC 10-K Item 1C. Cybersecurity - 2026-03-09
DYCOM INDUSTRIES INC disclosed their cybersecurity strategy, risk management and governance process in an annual SEC Filing 10-K filing on 2026-03-09 08:16:51 EDT
Company Summary
Dycom Industries, Inc. is a provider of specialty contracting services to telecommunications infrastructure and utility industries across the United States, offering engineering, program management, aerial/underground/wireless construction, maintenance, installation and underground facility locating services.
Filings
10-K filed on 2026-03-09
DYCOM INDUSTRIES INC filed an SEC Filing 10-K filing on 2026-03-09 08:16:51 EDT.
Accession Number: 0000067215-26-000008
Item 1C. Cybersecurity
Item 1C - Cybersecurity
Item 1C. Cybersecurity.
Cybersecurity Risk Management and Strategy
We are committed to protecting the confidentiality, integrity, and availability of our information assets and managing cybersecurity risks effectively. Our cybersecurity strategy focuses on proactive risk management, continuous improvement, collaboration and partnerships, and investment in security technologies.
We face various cybersecurity risks, including unauthorized access, information leakage, malware and viruses, technical disruption, and insider threats. Identifying, assessing, and managing these risks is the foundation of our comprehensive cybersecurity framework and is integrated into our overall risk management systems and processes . We have implemented strong access controls, regular security assessments, vulnerability management, user education and awareness, monitoring, threat intelligence (including user behavior analytics), and managed detection and response to mitigate cybersecurity risks.
Our implementation of strong access controls includes multi-factor authentication, least privilege access, role-based access control, and network segmentation to ensure information assets are protected from unauthorized access and/or exposure.
We conduct regular security assessments to identify vulnerabilities, test compliance, proactively address security risks that would impact the organization, and prioritize those risks based on their likelihood and potential impact. The associated activities include performing risk, vulnerability, penetration, and compliance assessments to assist in identifying potential internal and external threats and weaknesses in our systems, networks, and applications and performing simulations to test and improve our incident response plans while building resiliency.
In addition to the controls and assessments noted above, we regularly engage with our internal and external auditors and third-party cybersecurity consultants to assess our cybersecurity program, ensuring adherence to applicable industry standards, practices, and laws.
Our cybersecurity program also includes third-party risk management evaluation and monitoring of our suppliers, vendors, and other business partners to help identify and mitigate risks that may impact our company. We evaluate existing risks, threats, and prior cybersecurity incidents of new vendors, suppliers, and business partners using various risk assessments.
We have not experienced any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us or our business strategy, results of operations, or financial condition. For more information, see Item 1A. Risk Factors under the heading "A failure, outage, or cybersecurity breach of our technology systems or those of third-party providers may adversely affect our operations and financial results."
Cybersecurity Governance
Cybersecurity governance is a critical component of our organization's overall risk management framework and an area of focus for our Board and management. Our Board has delegated primary responsibility for overseeing risks from cybersecurity threats to the Audit Committee . The Audit Committee oversees information technology and cybersecurity, including strategies, risk identification and mitigation, and data privacy protection ("Information Security").
The Company's Chief Information Officer has been serving in this role for the company for 19 years and has over 30 years of experience in various information security and related technology roles. The Chief Information Officer oversees an internal information security team, which works in partnership with the Company's internal audit department and external third-party experts to review information technology-related controls as part of the overall internal controls process. The Chief Information Officer, who is in regular communication with the information security team, reports regularly to the Chief Executive Officer regarding vulnerabilities, new and developing threats, and compliance matters and also reports to the Audit Committee. The Audit Committee receives reports from the Chief Information Officer on a periodic basis, and more frequently, as needed, regarding cybersecurity-related matters. Such reports include updates with respect to existing and new cybersecurity risks, cybersecurity risk management and mitigation, cybersecurity incidents, as applicable, and key information security initiatives and recent developments.
Company
Profile
| Name | DYCOM INDUSTRIES INC |
|---|---|
| CIK | 67215 |
| SIC Description | |
| Industry | |
| Ticker | DY |
| Website | |
| Category | |
| Fiscal Year End | January 31 |