Cybersecurity, Data Privacy, and AI
We seek to protect the information and data of our employees, customers, and shareholders, and to safeguard the integrity of our products and services.
CYBERSECURITY STRATEGY AND FRAMEWORK
Our cybersecurity teams work cross-functionally to further embed security into our culture, continuously enhancing our programs and systems.
Our cybersecurity and information security programs are led by our Chief Information Officer (CIO) and Cybersecurity Director. The cybersecurity team reports to the Chief Financial Officer and meets with the Executive Leadership Team on a quarterly basis. The Audit Committee of the Board of Directors has responsibility for overseeing cybersecurity, and our CIO presents to the committee on key risks and mitigation efforts at least twice a year and to the full Board at least once a year. In addition to the CIO and the corporate team, each IDEX business is required to have an employee who is responsible for cybersecurity.
Our cybersecurity program has three core principles: Security First, Compliance Always, and Audit Anytime. These principles guide our efforts to further entrench cybersecurity within our operational processes and global culture.
We align our program with the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) Cybersecurity Framework, driving consistency and best practices across the company. We also utilize a risk registry to prioritize and address critical IT risks across the enterprise.
2024 was a pivotal year for our cybersecurity program, as we added new cybersecurity roles and enhanced our systems to assess potential threats. We expanded policies and procedures and launched initiatives to strengthen our business continuity and disaster recovery plans to improve natural disaster and incident readiness.
Cybersecurity is also a component of our enterprise risk management strategy. Our cybersecurity team coordinates with our Legal and Compliance Department to help drive alignment with regulatory and reporting requirements.
MANAGING CYBER RISKS
Employee awareness is essential to a strong cybersecurity culture. All employees are required to complete annual cybersecurity training, and we conduct regular phishing simulations with employees. In 2024, we rolled out a “Repeat Clicker Program” to address recurring vulnerabilities with additional training and managerial oversight.
In addition, a critical part of our program is an annual tabletop exercise, which applies what we’ve learned and prepared over the year to a hypothetical scenario designed to test our readiness.
Data Privacy
Safeguarding sensitive employee and customer data and remaining compliant with global privacy regulations are top priorities.
Data privacy is overseen by the Legal and Compliance Department, and every IDEX business unit has a dedicated privacy point of contact. While our Chief Compliance Officer oversees data privacy at the corporate level, each business unit is responsible for applying data privacy standards in areas such as Data Protection Agreements (DPA) compliance and Records of Processing Activity (ROPA) compliance.
The corporate compliance team routinely conducts training sessions for employees regarding data privacy issues and performs data privacy audits using a risk-based approach.
ARTIFICIAL INTELLIGENCE (AI)
We are in the initial stages of incorporating artificial intelligence (AI) into our business activities and our product and service offerings. As with many innovations, AI comes with specific risks and challenges. We have implemented policies and governance to promote its responsible use, including the implementation of an oversight committee. Our AI Oversight Committee includes members from cybersecurity, IT, Legal and Compliance, and manufacturing departments and manages AI policies, approved tools, and risk assessments.