Mediaco Holding Inc. - (MDIA)

10-K Filing Date: April 01, 2024
ITEM 1C. CYBERSECURITY.
As a regular part of our ordinary business operations, we collect and store data, including information necessary for our operations, information from our customers, employees, and our business partners. We recognize these networks and systems may be subject to increasing and continually evolving cybersecurity risks. Our Audit Committee is responsible for overseeing risk management and Cybersecurity is an integral part of the Company's overall risk management program. Our risk management process is designed to identify, prioritize, and monitor risks that could affect our ability to execute our corporate strategy and fulfill our business objectives and to appropriately mitigate such risks.
Our management team is involved in assessing and managing the Company’s material risks from cybersecurity threats, including by hiring appropriate personnel, considering cybersecurity risk in our enterprise risk management strategy, helping prepare for cybersecurity incidents, and participating in the cybersecurity incident response and remediation process for incidents escalated to it including determining materiality. Our management that is involved in these processes includes our Chief Technology Officer, Chief Financial Officer and General Counsel. Management also escalates, as appropriate, reports relating to cybersecurity incidents or threats to our Board or to its Audit Committee.
As part of our risk management processes, we are developing risk assessments to identify the probability, immediacy, and potential magnitude of information security risks. Our internal experts regularly conduct audits and tests of our information systems, and our cybersecurity program is periodically assisted by established, independent third-party consultants, who provide assistance through tabletop and other preparedness exercises. Additionally, we review regular publications on cyber awareness and conduct ongoing simulated phishing exercises. We use the findings from these and other processes to improve our information security practices, procedures and technologies.
While we have not yet experienced any material impacts from a cyber-attack, any one or more future cyber-attacks could materially adversely impact the Company, including a loss of trust among our customers, departures of key employees, general diminishment of our reputation and financial losses from remediation actions, loss of business or potential litigation or regulatory liability. Further, evolving market dynamics are increasingly driving heightened cybersecurity protections and mandating cybersecurity standards for our products, and we may incur additional costs to address these increased risks and to comply with such demands.
See the section titled Item IA. Risk Factors, including “Our business is dependent upon the proper functioning of our internal business processes and information systems. The modification, change of, or interruption of such systems may disrupt our business, processes and internal controls,” for additional information about the risks from cybersecurity threats that may materially affect our business.
19