Taboola.com Ltd. 10-K Cybersecurity GRC - 2024-02-28

Page last updated on April 11, 2024

Taboola.com Ltd. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 06:11:44 EST.

Filings

10-K filed on 2024-02-28

Taboola.com Ltd. filed an 10-K at 2024-02-28 06:11:44 EST
Accession Number: 0001140361-24-009866

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C: CYBERSECURITY Cybersecurity Risk Management At Taboola, cybersecurity risk management is an integral part of our overall enterprise risk management program. We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. 57 Table of Contents Our cybersecurity risk management program is based on ISO 27001 standards, which provide a framework and guidelines for implementing and managing an information security system, handling cybersecurity threats and incidents, including threats and incidents relevant to our business, and facilitates coordination across different departments of our Company. Since 2019, Taboola has held an ISO 27001 certification which is audited annually. This framework includes steps for assessing the severity of a cybersecurity threat, identifying the source of a cybersecurity threat including whether the cybersecurity threat is associated with a third-party service provider, implementing cybersecurity countermeasures and mitigation strategies and informing management and our board of directors, as appropriate, of material risks from cybersecurity threats and incidents. As part of this framework, we ve incorporated third-party service provider cyber qualification processes and supply chain risk management. Our cybersecurity team regularly engages external cybersecurity consultants for risk assessment, security testing and system enhancements. In addition, we provide employees annual cybersecurity training and also provide cybersecurity training for new hires. Our board of directors has overall oversight responsibility for our risk management and is charged with oversight of our cybersecurity risk management program. The board of directors is responsible for ensuring that management has processes in place designed to identify and evaluate cybersecurity risks to which the Company is exposed and implement processes and programs to manage cybersecurity risks and mitigate cybersecurity incidents. Management is responsible for identifying, considering and assessing material cybersecurity risks on an ongoing basis, establishing processes to ensure that such potential cybersecurity risk exposures are monitored, putting in place appropriate mitigation measures and maintaining cybersecurity programs. Our cybersecurity programs are under the direction of our Vice President, Information Technology & Cybersecurity, or VP Cybersecurity, who together with our cybersecurity team, monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents. Our VP Cybersecurity and members of the cyber security team hold multiple industry recognized cyber security certifications and together have decades of experience, including industry, military and government cyber experience. The Company s VP Cybersecurity updates the board of directors on the Company s cybersecurity programs, material cybersecurity risks and mitigation strategies and provides cyber security reports at least annually that cover, among other topics, third-party assessments of the Company s cybersecurity programs, developments in cybersecurity and updates to the Company s cybersecurity programs and mitigation strategies. In 2023, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced any undetected cybersecurity incidents. For more information about these risks, refer to Part 1, Item 1A, Risk Factors in this Annual Report.

Company Information