NEXSTAR MEDIA GROUP, INC. 10-K Cybersecurity GRC - 2024-02-28

Page last updated on April 11, 2024

NEXSTAR MEDIA GROUP, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 15:33:06 EST.

Filings

10-K filed on 2024-02-28

NEXSTAR MEDIA GROUP, INC. filed an 10-K at 2024-02-28 15:33:06 EST
Accession Number: 0000950170-24-021979

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cybersecurity Governance, Risk Management and Strategy In the current digital environment, companies like ours may be the target of cyber-attacks or other malicious efforts to cause a cyber incident. These cyber incidents can include, but are not limited to, gaining unauthorized access to digital systems for purposes of misappropriating assets or sensitive information, corrupting data or causing operational disruption. The possible consequences of such an attack include but are not limited to loss of data, damage to the Company s reputation, interruptions to our operations, and/or the need to pay ransom. Historically, we have not experienced cybersecurity incidents that materially impacted our business strategy, operating results and financial condition but we cannot guarantee a future cybersecurity incident would not materially impact us. We recognize the importance of maintaining the confidence and trust of our customers, suppliers, employees, audience, and communities by maintaining our data and information security. In managing our cyber risk, we utilize the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity (the NIST Framework ) issued by the U.S. government as a guideline to manage our cybersecurity-related risk. In addition, we have established security control requirements for our third party vendors based on global standards. Our day-to-day cybersecurity efforts are led operationally by our Chief Technology and Digital Officer and Senior Vice President, Technology who have over 10 and 25 years, respectively, of networking and information technology management or executive experience, and oversee a team of in-house cybersecurity specialists. Our Cybersecurity Committee, comprised of representatives from key management groups including accounting, finance, legal, internal audit, and information technology, also supports our cybersecurity efforts. The Cybersecurity Committee consults with representatives from senior management and retains third-party contractors as needed. The role of the Cybersecurity Committee is to oversee cyber risk assessments, monitor applicable key risk indicators, review cybersecurity training procedures, establish cybersecurity policies and procedures, and implement enhancements to our cybersecurity infrastructure. The Cybersecurity Committee meets monthly, or more regularly as necessary, and ensures that senior management, and ultimately, the Board, is given the information required to manage and exercise proper oversight over cybersecurity risks and ensure that escalation procedures are followed in the event of a cybersecurity incident. As part of its role as independent oversight of the key risks facing Nexstar, the Board itself and through its Audit Committee devotes regular and thorough attention to our cybersecurity risk. The Audit Committee receives quarterly (or more frequent as necessary) reports from senior financial executives and Nexstar s Chief Technology and Digital Officer to evaluate cybersecurity and data risks. Such reporting includes updates on the Company s cybersecurity program, the external threat environment, and the Company s programs to address and mitigate the risks associated with the evolving cybersecurity threat landscape. In accordance with our Cyber Incident Response Plan, the Audit Committee is promptly informed of any cybersecurity incidents that could potentially materially adversely affect the Company or its information systems and is regularly updated about incidents with lesser impact potential. The Audit Committee and management regularly brief the full Board on these matters as well. For additional discussion of certain risks associated with cybersecurity, see Risk Factors under the heading Cybersecurity risks could affect the Company s operating effectiveness. 29

Company Information