Cybersecurity and Data Protection

Cybersecurity and data protection is an enterprise wide priority and is reflected in engagements with our customers and suppliers. Our comprehensive approach to securing our data and business systems from attack, compromise, or loss includes a combination of leading technologies, policies and procedures and a 24/7 cybersecurity operations team monitoring our environment for signs of attack and responding in real time.

We conduct mandatory information security awareness training for our employees at least annually and enhanced training for specialized personnel. We have instituted regular attack or malicious activity simulations for employees to enhance awareness and responsiveness to such possible threats, and we also employ third parties to perform penetration and vulnerability tests.

Our security policies are evaluated and updated annually to address changes in the regulatory and threat landscapes and evolving best practices. We identify potential cybersecurity risks using internal measures and external resources. Identified risks are captured and prioritized on our risk register. Results are regularly reported back to a cross-functional, executive cybersecurity risk committee which then validates risks. While we focus heavily on prevention and detection, response and recovery plans, service agreements and partner engagements are in place should there be a need for us to respond to an attack. We have adopted a security incident response plan that provides controls and procedures for timely and accurate reporting of material cybersecurity incidents. We also maintain cyber liability insurance coverage.

To more effectively prevent, detect and respond to information security threats, we have a dedicated Chief Information Security Officer whose team is responsible for leading enterprise-wide information security strategy, policy, standards, architecture and processes. As part of its oversight of cybersecurity risk, the Audit Committee of our Board of Directors meets at least quarterly with our Chief Information Security Officer, Chief Information and Digital Officer and other senior leaders to receive updates on cybersecurity risks and threats, the status of initiatives to strengthen our information security systems and management's assessments of our security program. Wesco has achieved ISO 27001 certification for its Information Security Management System.

With these security measures in place, we did not experience any material data breaches in 2023. We also finalized our planned three-year infrastructure and security integration between Wesco and Anixter, making significant progress in Zero Trust configuration and data loss prevention implementation.

To learn more, download the 2024 Wesco Sustainability Report here.

About This Report

Unless otherwise stated, this report covers activities, data and initiatives from our fiscal year 2023.

ESG Disclosure and Framework Alignment

The topics covered in this report include those that we have determined to be material for our business and stakeholders as noted on page 12. Wesco aligns with several ESG frameworks and disclosures in support of our commitment to transparency and our fulfillment of stakeholder needs and expectations. We leverage the following frameworks and standards to provide robust ESG information disclosure:

Global Reporting Initiative (GRI): GRI offers a list of global standards and guidelines around sustainability reporting.

Sustainability Accounting Standards Board (SASB): SASB provides a comprehensive set of industry-specific disclosure topics and guidelines.

Task Force on Climate-Related Financial Disclosures (TCFD): TCFD provides disclosure recommendations on thematic ESG topics such as governance, strategy, risk management, metrics and targets to provide stakeholders with fuller information surrounding climate risks.

CDP: Formerly the Carbon Disclosure Project, CDP is an international organization that helps companies and cities measure and disclose important environmental impact information through an annual questionnaire and rating system.

United Nations Global Compact (UNGC): UNGC is an initiative that aims to help businesses align their strategies and work toward the U.N.'s Sustainable Development Goals.

United Nations Sustainable Development Goals (U.N. SDGs): U.N. SDGs provide a shared set of 17 toward peace and prosperity for people and planet goals and create a call to action by all countries in a global partnership.

We also regularly engage with our investors, employees, customers, regulators, ratings agencies and others on ESG and business issues. Additional information about Wesco can be found in our public financial filings - including our annual report and proxy filings - as well as on the Security and Exchange Commission's website at www.sec.gov or on the Investors page of our website at Wesco.com.

Wesco plans to continue to report annually as we monitor, measure, and deepen our ESG initiatives and disclosures.

Wesco endorses the United Nations Sustainable Development Goals (SDGs), which are a call to action to end poverty, protect the planet, and ensure that all people enjoy peace and prosperity.

More information about our SDG aligned initiatives is included throughout this report.

Assurance

We did not seek third-party assurance for this report; however, we will consider doing so for future reporting. The information and data contained in this report was vetted by internal subject matter experts on the various ESG topics included in this report.

Contact Us

We appreciate and welcome feedback on our ESG initiatives and reporting and invite you to contact us directly via email at Sustainability@Wesco.com.

