Inspired Entertainment, Inc. - (INSE)

10-K Filing Date: April 15, 2024
ITEM 1C. CYBERSECURITY.

 

The Company maintains a governance structure to address cybersecurity risk, which involves a dedicated Information Security Team (the “Information Security Team”), an Information Security Governance Board (the “Information Security Governance Board”), the Audit Committee of the Board and the Board.

 

The Company’s Information Security Team, led by our Director of Information Security, is responsible for identifying, assessing, mitigating, and reporting on material cybersecurity risks to the Company’s Information Security Governance Board. The Company’s Director Information Security holds high-level licenses and certifications relating to information security, including being a Certified Chief Information Security Officer and holding a BCS Foundation Certificate in Formation Security Management Principles. The Company’s Information Security Governance Board, chaired by the Company’s Director of Information Security and comprised of the General Counsel, the President & Chief Executive Officer, the Interim Chief Financial Officer, and the Chief Technology Officer - Product, drives awareness and alignment across broad stakeholder groups for cybersecurity governance and risk management and reporting. The Information Security Governance Board receives quarterly reports from the Company’s Director of Information Security. The Audit Committee receives at least quarterly reports from the Company’s Director of Information Security. The Audit Committee periodically reports to the Board.

 

We have implemented a risk-based approach to identify and assess the cybersecurity threats that could affect our business and information systems. Our cybersecurity program is aligned with industry standards and best practices, such as ISO 27001. We conduct periodic risk assessments to identify the potential impact and likelihood of various cyber scenarios, including those involving third-party service providers, and to determine the appropriate mitigation strategies and controls. We use various tools and methodologies to manage cybersecurity risk, including implementation of a business continuity process that includes a comprehensive Incident Response Plan and Procedure that is reviewed on a regular cadence. We also monitor and evaluate our cybersecurity posture and performance on an ongoing basis through regular vulnerability scans, penetration tests, threat intelligence feeds, and external audits by an independent third party. The Company maintains the ISO 27001 accreditation. We maintain a vendor onboarding program pursuant to which third-party service providers with access to personal, confidential or proprietary information to implement and maintain comprehensive cybersecurity practices consistent with applicable legal standards and industry best practices. The Company’s assessment of risks associated with use of third-party providers is part of the Company’s overall cybersecurity risk management program.

 

36
 

 

The Company also maintains a training program (“Training Program”), which is designed, implemented, and maintained by the Company’s Director of Information Security. This Training Program reinforces the Company’s information technology risk and security management policies, standards and practices, as well as the expectation that employees comply with these policies and engages personnel through training on how to identify potential cybersecurity risks and protect the Company’s resources and information, as well as how to respond to unauthorized access to or use of Company information. The Training Program training is mandatory for all employees at least annually, and it is supplemented by Company-wide assessment initiatives, including periodic phishing campaigns.

 

Although we have designed our cybersecurity program and governance procedures above to mitigate cybersecurity risks, we face unknown cybersecurity risks, threats and attacks. To date, these risks, threats or attacks have not had a material impact on our operations, business strategy or financial results, but we cannot provide assurance that they will not have a material impact in the future. See the section entitled “Risk Factors” included elsewhere in this Annual Report for further information. We continuously work to enhance our cybersecurity risk management program.