PLAYSTUDIOS, Inc. - (MYPS)
10-K Filing Date: March 12, 2024
ITEM 1C. CYBERSECURITY
We and our third-party vendors employ information technology, including networks, systems, and applications, to support our business processes and decision-making in our business. Our information technology infrastructure supports the flow of information throughout our business processes and is susceptible to cybersecurity threats. Accordingly, we have implemented and maintain various information security processes designed to identify, assess, and manage material risks from cybersecurity threats to our critical computer networks, third party hosted services, communications systems, hardware and software, and our critical data, including intellectual property, confidential information that is proprietary, strategic or competitive in nature, and data related to our customers and employees (“Information Systems and Data”).
We have a cybersecurity leadership team comprised of our Chief Information Security Officer, our Head of Infrastructure, and other senior leaders on our Information Technology group (“Cybersecurity Leadership Team”). Our Cybersecurity Leadership Team works with third-party service providers to help identify, assess, and manage our cybersecurity threats and risks, including through the use of our cybersecurity risk assessment program. Our Cybersecurity Leadership Team identifies and assesses risks from cybersecurity threats by monitoring and evaluating our threat environment and our risk profile using various methods, including automated and manual tools, third-party threat feeds, internal audits, access control assessments, and evaluating threats reported to us by various third-party enterprise threat reporting services.
Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, standards, and policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data.
Our assessment and management of material risks from cybersecurity threats are integrated into our overall risk management processes. For example, cybersecurity risks are considered a part of our overall business strategy, financial planning, and capital allocation.
We use third-party service providers to assist us from time to time in identifying, assessing, and managing material risks from cybersecurity threats. Our Cybersecurity Leadership Team inventories and prioritizes information security risks and evaluates material risks from cybersecurity threats, and reports those periodically to the Audit Committee of our Board of Directors, which evaluates our overall enterprise risk.
To date, the Company has not experienced a cybersecurity threat or incident that has materially affected or is reasonably likely to materially affect the Company. The Company, however, has experienced and expects to continue to experience cyber incidents of varying degrees. Cybersecurity threats may, among other things, cause material disruptions to our operations, which may materially affect our results of operations and/or financial condition. For more information about risks from cybersecurity threats that may materially affect us and how they may do so, see "Risk Factors — Despite our security measures, we have been subject to attacks by hackers, and our information technology and infrastructure may in the future be vulnerable to attacks by hackers or breached due to employee error, malfeasance, or other disruptions." as well as the other risk factors contained in Item 1A of this Annual Report on Form 10-K.
Our Board of Directors has ultimate oversight responsibility over cybersecurity-related matters and has assigned oversight of cybersecurity risk management to the Audit Committee. The Audit Committee assists the Board in fulfilling its oversight responsibilities with respect to the management of risks arising from cybersecurity threats and, in furtherance thereof, regularly receives reports from our senior management and Cybersecurity Leadership Team on cybersecurity matters. These reports are intended to highlight the state of our cybersecurity and data security programs, as well as our progress on key initiatives in this area. In addition, the Board receives reports addressing cybersecurity as part of our overall enterprise risk management program and to the extent cybersecurity matters are addressed in regular business updates. As appropriate, the Board also may receive information regarding specific cybersecurity incidents and resulting mitigation efforts.
50