fuboTV Inc. /FL - (FUBO)

10-K Filing Date: March 04, 2024
Item 1C. Cybersecurity
Cybersecurity Risk Management and Strategy
We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. We design and assess our program based on the International Organization for Standardization (“ISO”) 27001 Framework and other applicable industry standards. This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use such standards, including the ISO 27001 Framework, as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business.
Our cybersecurity risk management program is supported by both management and our Board of Directors, and is integrated into our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas.
Our cybersecurity risk management program includes:
risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment, which are then used to drive alignment on, and prioritization of, initiatives to enhance our security controls, make recommendations to improve processes, and inform a broader enterprise-level risk assessment that is presented to our management team and Audit Committee on a quarterly basis;
a security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents;
the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls;
periodic assessment and deployment of security tools and technical safeguards designed to protect our information systems from cybersecurity threats;
cybersecurity awareness training of our employees, incident response personnel, and senior management;
a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and
controls designed to identify and manage cybersecurity threats associated with our use of third-party service providers, suppliers and vendors with respect to our critical systems and data.
We have not identified any cybersecurity threats, including as a result of prior incidents, that as of the date of this Annual Report have materially affected us, or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. We continue to invest in the cybersecurity and resiliency of our networks and to enhance our internal controls and processes, which are designed to help protect our systems and infrastructure, and the information they contain. However, there can be no guarantee that such controls, policies and procedures will be fully implemented and properly followed in every instance, or that those investments or policies and procedures will be effective. We therefore can provide no assurance that there will not be incidents in the future or that they will not materially affect us, including our business strategy, results of operations, or financial condition. For more information regarding the risks we face from cybersecurity threats, please see Part I, Item 1A. “Risk Factors—Risks Related to Privacy, Consumer Protection and Cybersecurity—Any significant interruptions, delays or discontinuations in service or disruptions in or unauthorized access to our information technology systems or those of third parties that we utilize in our operations, including those relating to cybersecurity or arising from cyber-attacks, could result in a loss or degradation of service, unauthorized disclosure of data, including subscriber and corporate information, or theft of intellectual property, including digital content assets, which could adversely impact our business."

Cybersecurity Governance
47

Table of Contents
Our Board considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee oversight of cybersecurity and other information technology risks. The Audit Committee oversees management’s implementation of our cybersecurity risk management program.
The Committee receives quarterly reports from management and our internal cybersecurity personnel, including our Senior Director of Cybersecurity, on our cybersecurity risks. In addition, management updates the Audit Committee, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential. The Audit Committee reports to the full Board regarding its activities, including those related to cybersecurity. The full Board also receives briefings from management on our cyber risk management program.
Our management team, including our Chief Financial Officer, Chief Legal Officer and Chief Technology Officer, is responsible for assessing and managing our material risks from cybersecurity threats, and has primary responsibility for our overall cybersecurity risk management program. The management team has broad experience in overseeing and managing enterprise risk, governance and compliance functions, and supervises both our internal cybersecurity personnel, including our Senior Director of Cybersecurity who reports directly to our Chief Financial Officer, and external cybersecurity consultants retained from time to time, in each case who have broad cybersecurity experience and expertise, including in threat assessments and detection, mitigation technologies, training, incident response, cyber forensics, insider threats and regulatory compliance.
Our management team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us from time to time to review and assess our cyber programs and policies; and alerts and reports produced by security tools deployed in the IT environment. In addition, our Chief Financial Officer, Chief Technology Officer and Chief Legal Officer are members of our internal Cybersecurity Governance Committee, chaired by the Senior Director of Cybersecurity, a management committee comprised of leadership from primary corporate functions including Finance, Human Resources, Information Technology, Engineering, Internal Audit and Legal, which meets quarterly to drive alignment on security decisions across the Company, including reviewing security performance metrics, identifying security risks, and assessing the status of approved security enhancements.


48

Table of Contents