|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Cybersecurity risk management is an integral part of our overall enterprise risk management efforts. Mtron achieved ISO 27001:2022 certification during 2024, demonstrating a robust information security management program. The Company has chosen the National Institute of Standards for its base framework for handling cybersecurity threats and incidents because it is compatible with certain risk management business functions required by customers and United States Government oversight. Controls in the SP 800-53 (Security and Privacy Controls for Information Systems and Organizations) catalog have been tailored-in based on governance found in ISO 27001:2022, SP 800-171 (Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations), internally determined IT general controls and industry best practices. The selected controls create a balanced approach aimed at protecting confidentiality, integrity, and availability of the Company’s IT systems.
The Board, which has primary responsibility for overseeing risk management, has delegated its primary responsibility for the oversight of cybersecurity and information technology risks, and the Company’s preparedness for these risks, to the Audit Committee of the Board (the "Audit Committee"). The Audit Committee has delegated the Company's cybersecurity functions to senior management, including the Director of IT, and ensures there are sufficient budgetary resources for personnel and technology to support the necessary cybersecurity functions. The Company’s cybersecurity incident response is overseen by our Director of IT, who reports directly to our President and is a member of the enterprise management team which includes our CEO. Our Director of IT is a Certified Information System Security Professional with more than 15 years of experience in information system management. As part of its oversight responsibilities, the Audit Committee receives updates at least annually, and as requested throughout the year, on our cybersecurity practices as well as cybersecurity and information technology risks from our Director of IT. Senior management are responsible for incident response efforts enterprise wide with the Director of IT and the broader internal IT team focusing on cybersecurity incidents.
The Company'steam participates in several industry information sharing groups including the Defense Industrial Base Cybersecurity Program and The Society of Industrial Security Professionals and has also fostered local contacts with the FBI and local industry peers. The IT team monitors industry news daily and responds to threat feeds from multiple sources. To further its cybersecurity efforts, Mtron has partnered with several external entities including:
Insider threats are monitored by an internal insider threat. users with email access are provided annual and quarterly cyber security training and participate in bi-weekly phishing tests to maintain continuous awareness of threats. Access to the Company's enterprise resource planning system is limited by a second layer of access approval and authorization through the corporate controller. Endpoint detection and response is centrally managed as is endpoint flaw detection and remediation.
In 2024, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident. For more information about these risks, please see "Risk Factors – Cybersecurity risks and cybersecurity incidents may adversely affect our business by causing a disruption to our operations, a compromise or corruption of our confidential information, and/or damage to our business relationships, all of which could negatively impact our financial results" in this Report.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|In 2024, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced an undetected cybersecurity incident. For more information about these risks, please see "Risk Factors – Cybersecurity risks and cybersecurity incidents may adversely affect our business by causing a disruption to our operations, a compromise or corruption of our confidential information, and/or damage to our business relationships, all of which could negatively impact our financial results" in this Report.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Board, which has primary responsibility for overseeing risk management, has delegated its primary responsibility for the oversight of cybersecurity and information technology risks, and the Company’s preparedness for these risks, to the Audit Committee of the Board (the "Audit Committee"). The Audit Committee has delegated the Company's cybersecurity functions to senior management, including the Director of IT, and ensures there are sufficient budgetary resources for personnel and technology to support the necessary cybersecurity functions. The Company’s cybersecurity incident response is overseen by our Director of IT, who reports directly to our President and is a member of the enterprise management team which includes our CEO. Our Director of IT is a Certified Information System Security Professional with more than 15 years of experience in information system management. As part of its oversight responsibilities, the Audit Committee receives updates at least annually, and as requested throughout the year, on our cybersecurity practices as well as cybersecurity and information technology risks from our Director of IT. Senior management are responsible for incident response efforts enterprise wide with the Director of IT and the broader internal IT team focusing on cybersecurity incidents.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef