PMV Consumer Acquisition Corp. - (PMVC)

10-K Filing Date: March 28, 2024
ITEM 1C. CYBERSECURITY

 

The Company utilizes office space and IT infrastructure that are managed by staff who are employees of an affiliated member of our Sponsor. This affiliated member of our Sponsor has developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity and availability of critical systems and information.

 

Accordingly, the Company relies on the cybersecurity risk management program of the affiliated member of our Sponsor and has determined that the program is aligned with the Company’s business strategy. It shares common methodologies, reporting channels and governance processes that apply to other areas of enterprise risk, including legal, compliance, strategic, operational, and financial risk. Key elements of the cybersecurity risk management program include:

 

risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise information technology environment;

 

a security team principally responsible for managing our cybersecurity risk assessment processes, our security controls, and our response to cybersecurity incidents;

 

the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls;
   
training and risk awareness programs for team members that include periodic and ongoing assessments to drive adoption and awareness of cybersecurity processes and controls;

 

a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and

 

a third-party risk management process for service providers, suppliers, and vendors.

 

In the last three years, the Company has not experienced any material cybersecurity incidents, and expenses incurred from cybersecurity incidents were immaterial.

 

The operations of the Company are dependent on technology information and communications systems. A failure of any such system, or a security breach or cyberattack related thereto, could significantly disrupt the Company’s operations. The service providers of the Company are also subject to cybersecurity threats. If the Company and/or any service provider of the Company fails to adopt, implement or adhere to adequate cybersecurity measures, or in the event of a breach of any network, information relating to the Company or the Company’s operations, as well as personal information relating to the Company’s potential partners, may be lost, damaged or corrupted, or improperly accessed, used or disclosed.

 

Any system failure, security breach or cyberattack on the Company and/or any service provider of the Company could cause the Company to suffer financial loss, disruption to its business, increased operating costs, liability to third parties, regulatory intervention and reputational damage, among other things, any one or all of which could have a material adverse effect on the Company.

 

Cybersecurity Governance

 

Our Board of Directors is responsible for overseeing cybersecurity threats, among other things. The Chief Technology Officer of the affiliated member of our Sponsor is available to provide our senior management and our Board of Directors reports on our cybersecurity risks and any material cybersecurity incidents.

 

The cybersecurity risk management team of the affiliated member of our Sponsor, in conjunction with its various information technology, internal audit, legal and compliance personnel, has primary responsibility for the overall cybersecurity risk management program.

 

The Chief Technology Officer of the affiliated member of our Sponsor, who has over 20 years of experience in the cybersecurity space and advanced training in the field of cybersecurity and technology, manages a team of cybersecurity professionals that has primary responsibility for any internal cybersecurity personnel and retained external cybersecurity consultants.

 

The information technology team also monitors the prevention, detection, mitigation, and remediation of cybersecurity risks and incidents through various means, which may include briefings with internal personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants, and alerts and reports produced by security tools deployed in the information technology environment