Innovid Corp. 10-K Cybersecurity GRC - 2024-02-29

Page last updated on April 11, 2024

Innovid Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-29 16:29:44 EST.

Filings

10-K filed on 2024-02-29

Innovid Corp. filed an 10-K at 2024-02-29 16:29:44 EST
Accession Number: 0001835378-24-000010

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy Innovid recognizes the importance of cybersecurity risk management and a well-defined strategy to support our business operations, platforms and information systems. We have implemented a comprehensive cybersecurity program to protect information systems and data. The cybersecurity program is designed and based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use the NIST CSF as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. Our program includes the following key components to identify, assess, and manage cybersecurity risks that may impact our business operations, including risks related to unauthorized access, use, disclosure, or destruction of confidential information. Risk Assessment: We routinely conduct comprehensive assessments of our information systems, meticulously evaluating and identifying material risks to discern potential vulnerabilities and threats that may jeopardize the security and integrity of our data, platforms or information systems. Security Controls: We implement appropriate security controls to protect our platforms and information systems from unauthorized access, use, disclosure, or destruction. 45 Table of Contents Incident Response: We have established an incident response plan that sets out our procedures for responding to cybersecurity incidents and minimizing the impact of such incidents on our business operations. Employee Training: We provide regular training on cybersecurity best practices and procedures training. Third-Party Risk Management: We have a third-party risk management process for assessing the risk of service providers, suppliers, and vendors. There can be no assurance that our cybersecurity program and processes, including our policies, controls or procedures, will be fully implemented, complied with or are effective in protecting our systems and information. In addition, we maintain open communication with management and the board regarding cybersecurity risks and incidents. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, tat have materially affected or are reasonably likely to affect us, including our operations, business strategy, results of operations, or financial condition. Cybersecurity Governance Our board considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee (the Committee ) oversight of cybersecurity and other information technology risks. The Committee oversees management s implementation of our cybersecurity risk management program. Our Chief Information Security Officer ( CISO ) regularly updates management and the Committee on cybersecurity matters, including risk assessments, security controls, incident response procedures, employee training and Third-Party Risk Management. The Committee oversees the company’s cybersecurity risk management and strategy, while management is responsible for implementing the company’s cybersecurity program. This approach ensures that cybersecurity risks are appropriately prioritized and managed throughout the organization.

Company Information