GoPro, Inc. - (GPRO)
10-K Filing Date: February 09, 2024
Item 1C. Cybersecurity
The security of personal data is of the utmost importance to GoPro and our customers, vendors, suppliers, and employees. As such, we have implemented industry-standard administrative, technical, and physical security measures to protect against the unauthorized access, destruction, or alteration of our confidential and proprietary information and customer and employee information.
Governance
Our Chief Information Security Officer (CISO) oversees our information security program and is responsible for leading and implementing, with a cross functional team, our cybersecurity strategy, policy, architecture, and risk management processes. Our CISO has over 30 years of experience in cybersecurity, serving as a Security Officer while in the United States Navy and CISO at Amgen and Warner Bros and in various other Cybersecurity roles at KPMG and Forrester.
38
The Audit Committee of our board of directors (Audit Committee) has oversight responsibility for our cybersecurity program and reviews with management the Company’s policies and procedures for identifying, assessing, managing, and monitoring information security and cybersecurity risks.
The CISO provides regular updates to the Audit Committee on cybersecurity and other risks relevant to our information technology environment, including developments in the cybersecurity space and evolving standards, the results of periodic exercises and response readiness assessments and we adjust our cybersecurity policies, standards, processes, and practices as necessary based on the information provided by these assessments, audits, and reviews. Our cybersecurity program is regularly evaluated by internal and external experts with the results of those reviews reported to senior management and the Audit Committee.
Risk Management and Strategy
Our periodic assessment and testing of policies, standards, processes and practices that are designed to address cybersecurity threats and incidents include a wide range of activities, including audits, assessments, tabletop exercises, threat modeling, vulnerability testing and other exercises focused on evaluating the effectiveness of our cybersecurity measures and planning. We regularly engage third parties to perform assessments on our cybersecurity measures, including information security maturity assessments, audits, and independent reviews of our information security control environment and operating effectiveness.
We also actively engage with key vendors, industry participants, and intelligence and law enforcement communities as part of our continuing efforts to evaluate and enhance the effectiveness of our information security policies and procedures. We regularly train all employees on cybersecurity risks, such as phishing attacks, and employees are required to acknowledge our cybersecurity policy annually through our Code of Conduct.
Risks from Cybersecurity Threats
No previous cybersecurity incidents have materially affected us, including our business strategy, results of operations or financial condition. Future cybersecurity threats or incidents may materially affect our business strategy, results of operations or financial condition.