Who leads the team that manages and monitors the cybersecurity program at Benihana?
Benihana Franchise · 2024 FDDAnswer from 2024 FDD Document
The program is managed and monitored by a team led by our Chief Information Officer and includes mechanisms, controls, technologies, systems, policies and other processes designed to prevent or mitigate data loss, theft, misuse, or other security incidents or vulnerabilities affecting the systems and data residing in them. For example, we conduct risk-based penetration and vulnerability testing and ongoing risk assessments. We also conduct employee training on cyber and information security, among other topics. In addition, we consult with outside advisors and experts to assist with assessing, identifying, and managing cybersecurity risks and their impact on our risk environment. Lastly, we outsource to a cybersecurity firm all intrusion detection, intrusion prevention and system incident and event monitoring.
Our Chief Information Officer, who reports directly to the Chief Executive Officer and has over 25 years of experience managing information technology and cybersecurity matters, together with our thirdparty service providers, are responsible for assessing and managing cybersecurity risks. We consider cybersecurity, along with other significant risks that we face, within our overall enterprise risk management framework. In the last fiscal year, we have not identified any prior cybersecurity incidents that materially affected us, but we face certain ongoing risks from
cybersecurity threats that, if realized, could materially affect us. Additional information on cybersecurity risks we face is discussed in Part I, Item 1A, "Risk Factors," under the heading "Cybersecurity, Data Privacy and IT Systems."
The Board of Directors, as a whole and at the committee level, has oversight for the most significant risks facing us and for our processes to identify, prioritize, assess, manage, and mitigate those risks. The Audit Committee, which is comprised solely of independent directors, has been designated by our Board to oversee cybersecurity risks. The Committee receives regular updates and reviews with management the implementation and effectiveness of the Company's controls to monitor and mitigate cybersecurity risks.
Source: Item 22 — CONTRACTS (FDD pages 73–74)
What This Means (2024 FDD)
According to Benihana's 2024 Franchise Disclosure Document, the cybersecurity program is managed and monitored by a team led by the Chief Information Officer (CIO). The team includes mechanisms, controls, technologies, systems, policies, and other processes designed to prevent or mitigate data loss, theft, misuse, or other security incidents. The CIO reports directly to the Chief Executive Officer and has over 25 years of experience managing information technology and cybersecurity matters. Benihana also uses third-party service providers who are responsible for assessing and managing cybersecurity risks.
Benihana conducts risk-based penetration and vulnerability testing, ongoing risk assessments, and employee training on cyber and information security. They also consult with outside advisors and experts to assist with assessing, identifying, and managing cybersecurity risks and their impact. Additionally, Benihana outsources all intrusion detection, intrusion prevention, and system incident and event monitoring to a cybersecurity firm.
The Board of Directors, specifically the Audit Committee, oversees cybersecurity risks. The Audit Committee, comprised solely of independent directors, receives regular updates and reviews with management the implementation and effectiveness of the company's controls to monitor and mitigate cybersecurity risks. Benihana considers cybersecurity within its overall enterprise risk management framework.