Payoneer Global Inc. - (PAYO)
10-K Filing Date: February 28, 2024
Item 1C. Cybersecurity
Cybersecurity Risk Management
Cybersecurity risk management is an integral part of Payoneer’s control infrastructure and is included as an overall risk in our enterprise risk management program. Payoneer’s cybersecurity risk management program is designed to align with industry best practices like National Institute of Standards and Technology (NIST) and Control Objectives for Information Technology (COBIT) which help provide a framework for handling cybersecurity threats and incidents, including threats and incidents associated with the use of applications developed and services provided by third-party service providers, and facilitate coordination across different departments of our company. This framework includes steps for assessing the severity of a cybersecurity threat, identifying the source of a cybersecurity threat including whether the cybersecurity threat is associated with a third-party service provider, implementing cybersecurity countermeasures and mitigation strategies and informing management and our Risk Committee of the Board of Directors (“Risk Committee”) of material cybersecurity threats and incidents. Our cybersecurity team is responsible for assessing our cybersecurity risk management program considering industry best practice and aligning to regulatory requirements and engages with third-party security experts for advisement on cybersecurity risk assessments and system enhancements. In addition, our cybersecurity team provides training to employees on a periodic basis.
Our Board of Directors has overall oversight responsibility for our risk management, and delegates cybersecurity risk management oversight to the Risk Committee. The Risk Committee is responsible for reviewing our cybersecurity and the protection of data integrity policies and practices, including making recommendations for improvements in these areas. The Risk Committee oversees that management has processes in place designed to identify and evaluate cybersecurity risks to which the company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. The Risk Committee also reports material cybersecurity risks to our Audit Committee and material cybersecurity incidents would be reported to the full Board of Directors by management and/or the Risk Committee.
Management is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored and escalated appropriately, putting in place appropriate mitigation measures and maintaining cybersecurity programs. Our cybersecurity programs are under the direction of our Chief Information Security Officer (“CISO”), who receives reports from our cybersecurity team and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our CISO and dedicated personnel are experienced information systems security professionals and information security managers with many years of experience. Management, the CISO and our cybersecurity team periodically update the Risk Committee on the Company’s cybersecurity programs, material cybersecurity risks and mitigation strategies and provide cybersecurity reports quarterly that cover, among other topics, third-party assessments of the Company’s cybersecurity programs, developments in cybersecurity and updates to the Company’s cybersecurity programs and mitigation strategies.