PodcastOne, Inc. - (PODC)

10-K Filing Date: July 01, 2024
Item 1C. Cybersecurity

 

Risk Management and Strategy

 

We perform a formal risk assessment each year. As part of our risk assessment, we consider the potential for cybersecurity threats, including but not limited to interruptions, outages and breaches to its operational and financial systems. We have policies, processes, internal controls and tools to assess, identify, and manage material risks from potential cybersecurity threats. We utilize a combination of cybersecurity awareness training, manual processes, specialized software and automated tools, and third-party assessments to build our cybersecurity program. We engage third-party service providers, with significant information technology and cybersecurity experience, to assist with designing, implementing and managing our information technology infrastructure and cybersecurity program. We are also currently developing a cybersecurity incident response plan that establishes a formal framework for responding to cybersecurity incidents, including defining what constitutes a reportable cybersecurity incident; establishing specific escalation and communication channels; identifying parties responsible for managing and responding to each incident; and other preparedness and response activities.

 

Governance

 

The Audit Committee of our board of directors provides oversight over our internal control program, including the adequacy and effectiveness of our information technology infrastructure and cybersecurity program. Each quarter, our management provides updates to the Audit Committee regarding our internal control program, including any significant changes to its information technology infrastructure or cybersecurity program. Our management also reports any material risks from cybersecurity threats to the Audit Committee. Our management periodically provides the Audit Committee with updates on cybersecurity risks and/or trends.

 

Our management team, specifically our Chief Executive Officer and Chief Financial Officer, are responsible for the day-to-day administration of our business operations, including our risk management of cybersecurity risks. Our management is responsible for the design and implementation of policies, processes and internal controls to manage our cybersecurity risks. Our management team regularly meets with their information technology resources, including our third-party service providers, to ensure that we are appropriately positioned to manage our cybersecurity risks. Our management team also sponsors periodic cybersecurity awareness training for employees.

 

As of the date of this Annual Report, we are not aware of any cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. For further discussion of the cybersecurity risks, see “Part I—Item 1A. Risk Factors,” specifically the risk titled "We are subject to cybersecurity risks to our systems, infrastructure, and technology, and data processed by us or third-party vendors.” No matter how well designed or implemented our internal controls are, we will not be able to anticipate all cybersecurity threats, and we may not be able to implement effective preventive or detective measures against such security breaches in a timely manner. While we maintain insurance that may cover certain liabilities in connection with certain disruptions, security breaches, and incidents, there can be no guarantee that our insurance coverage will be adequate to compensate us for the potential losses.