Playtika Holding Corp. - (PLTK)
10-K Filing Date: February 26, 2024
ITEM 1C. CYBERSECURITY RISK MANAGEMENT AND STRATEGY
We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information.
We use the NIST Cybersecurity Framework and CIS Critical Security Controls as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. This does not imply that we meet any particular technical standards, specifications, or requirements.
Our cybersecurity risk management program comprises one component of our overall enterprise risk management program which is organized by discipline areas. Our cybersecurity risk management program shares common reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas.
Our cybersecurity risk management program includes the following key elements:
•risk assessments designed to help identify material cybersecurity risks to our critical systems, information, services, and our broader enterprise IT environment;
•integration with software development procedures and processes throughout the lifecycles of our products.
59
•a team comprised of IT security, IT engineering and IT compliance personnel principally responsible for directing (1) our cybersecurity risk assessment processes, (2) our security processes, and (3) our response to cybersecurity incidents;
•the use of external cybersecurity service providers, where appropriate, to assess, test or otherwise assist with aspects of our security processes;
•cybersecurity awareness training of employees with access to our IT systems and designated security champions throughout the Company’s departments;
•a cybersecurity incident response plan and Security Operations Center (SOC) to respond to cybersecurity incidents;
•a third-party risk management process for service providers.
There can be no assurance that our cybersecurity risk management program, including our controls, procedures and processes, will be fully complied with or that our program will be fully effective in protecting the confidentiality, integrity and availability of our information systems, product and network. See “Risk Factors – Our success depends on the security and integrity of the games we offer, and security breaches or other disruptions could compromise our information or the information of our players and expose us to liability, which would cause our business and reputation to suffer.”
We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face certain ongoing risks from cybersecurity threats that, if realized and material, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. See “Risk Factors – If we sustain cyber-attacks or other privacy or data security incidents that result in security breaches, we could suffer a loss of sales and increased costs, exposure to significant liability, reputational harm and other negative consequences.”
Cybersecurity Governance
Our Board considers cybersecurity risk as critical to the enterprise and delegates the cybersecurity risk oversight function to the Audit Committee. The Audit Committee oversees management’s design, implementation and enforcement of our cybersecurity risk management program.
Our Chief Information Security Officer periodically reports to the Board and leads the Company’s overall cybersecurity function. The Audit Committee receives regular reports from our CISO on our cybersecurity risks, including briefings on our cyber risk management program and any cybersecurity incidents. Board members also receive periodic presentations on cybersecurity topics from our CISO or our Chief Technology Officer.
Our CISO supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external cybersecurity service providers; and alerts and reports produced by security tools deployed in the IT environment.
Our CISO is responsible for assessing and managing our material risks from cybersecurity threats. Our CISO has primary responsibility for leading our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our external cybersecurity service providers. Our CISO has significant experience in managing and leading IT and cybersecurity teams. Prior to joining the Company, he served as the chief technology officer and cofounder of a company specializing in cybersecurity services and software. Our CISO reports directly to our CTO who has over twenty years of experience in technology and IT including roles at large global companies.