ENTRAVISION COMMUNICATIONS CORP - (EVC)

10-K Filing Date: March 14, 2024
ITEM 1C.CYBERSECURITY

Cybersecurity Risk Management and Strategy. Our cybersecurity and data protection strategy is part of our overall enterprise risk management program, and is focused on the identification, detection, management and mitigation of security risks and prompt incident response intended to protect the confidentiality, integrity, and availability of our critical systems and information. Our cybersecurity risk management program shares common methodologies, reporting channels and governance processes that apply to the other areas of enterprise risk, including legal, compliance, strategic, operational, technology and financial risk. Key elements of our cybersecurity risk management strategy include:

the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security program;
data protection policies and controls; and
the deployment of technologies designed to mitigate material cybersecurity risks to our critical systems, information, products and services, and our broader enterprise information technology environment.

As of the date of this report, we have not identified any cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. For a discussion of whether and how any risks from cybersecurity threats have materially affected or are

20


reasonably likely to materially affect us, including our business strategy, results of operations or financial condition, see Item 1A, "Risk Factors".

Cybersecurity Governance. The Audit Committee of our Board of Directors reviews risks related to information technology, including cybersecurity, and receives reports from our executive officers and third parties on cybersecurity matters. Management is responsible for developing cybersecurity programs, including as may be required by applicable law or regulation. Our Chief Technology Officer oversees cybersecurity matters, with support from our internal information technology team and third parties. We expect that our cybersecurity risk management processes and strategy will continue to evolve in response to the evolution of the cybersecurity threat landscape.