BuzzFeed, Inc. - (BZFD)

10-K Filing Date: March 29, 2024
ITEM 1C. CYBERSECURITY
Risk Management and Strategy and Governance
We are committed to protecting the security and integrity of our systems, networks, databases and applications and, as a result, have implemented processes designed to prevent, assess, identify, and manage material risks associated with cybersecurity threats. Cybersecurity and risks related to our IT are an important focus of our board of directors’ risk oversight. Our board of directors, with assistance from its audit committee, oversees our cybersecurity risk assessment and response program. The audit committee receives reports at least quarterly from executive management, including our Vice President of IT, on the identification and status of cybersecurity incidents, resolution, recovery and post incident management.
Managing Material Risks and Integrated Overall Risk Management
We have implemented a risk-based approach to identify and assess the cybersecurity threats that could affect our business and information systems. Our cybersecurity risk assessment process evaluates our maturity across key areas of cybersecurity, and incorporates industry standard framework considerations, including the National Institute of Standards and Technology. The cybersecurity management program includes evaluation of our technical, administrative, and end-point security, including encryption, firewalls, security scans and anti-virus systems and logical security controls. We continue to promote a company-wide culture of cybersecurity risk management awareness and cybersecurity considerations are integrated in our decision-making processes. We have an experienced IT team led by our Vice President of IT, who has more than 20 years of industry experience. Our Vice President of IT reports directly to the executive team and works closely with our management team, and where necessary, engages external experts to evaluate and address cybersecurity risks in alignment with our business objectives and operational needs. Our Vice President of IT provides regular updates on cybersecurity to the audit committee of our board of directors.
Engagement of Third Parties on Risk Management
We engage with external experts, including cybersecurity consultants, to support our cybersecurity risk assessment and response program. These partnerships enable us to leverage specialized knowledge and insights. Our collaboration with these third parties includes biennial cybersecurity maturity assessments and consultation on security enhancements.
Risks from Cybersecurity Threats
We have not encountered risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected, or are reasonably likely to materially affect, us, including our business strategy, results of operations or financial condition. From time to time, we experience cybersecurity events that require investigation. For additional information regarding whether any risks from cybersecurity threats, including as a result of any cybersecurity incidents that are reasonably likely to materially affect our company, including our business strategy, results of operations, or financial condition, please refer to Item 1A, “Risk Factors,” in this Annual Report on Form 10-K.