Inuvo, Inc. 10-K Cybersecurity GRC - 2024-02-29

Page last updated on April 11, 2024

Inuvo, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-29 16:56:48 EST.

Filings

10-K filed on 2024-02-29

Inuvo, Inc. filed an 10-K at 2024-02-29 16:56:48 EST
Accession Number: 0001654954-24-002423

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY The Company has processes for assessing, identifying, and managing material risks from cybersecurity threats. These processes are integrated into the Company s overall risk management systems, as overseen by the Company s board of directors, primarily through its audit committee. These processes also include overseeing and identifying risks from cybersecurity threats. The Company conducts security assessments of certain third-party providers before engagement and has established monitoring procedures in its effort to mitigate risks related to data breaches or other security incidents originating from third parties. The Company from time to time engages third-party consultants in evaluating and testing the Company s risk management systems and assessing and remediating certain potential cybersecurity incidents as appropriate. Governance Board of Directors The audit committee of the Company s board of directors oversees, among other things, the adequacy and effectiveness of the Company s internal controls, including internal controls designed to assess, identify, and manage material risks from cybersecurity threats. The audit committee is informed of material risks from cybersecurity threats pursuant to the Company s disclosure controls and procedures and the audit committee provides updates to the Company s board of directors at regular board meetings. Management Under the oversight of the audit committee of the Company s board of directors, and as directed by the Company s Chief Executive Officer, the Company s Director of Information Technology (DIT) is primarily responsible for the assessment and management of material cybersecurity risks. The DIT has over 25 years of experience in information security, risk management, and compliance, has served essential security and audit roles at other organizations, is a member of InfraGard, and is a CISSP (Certified Information Systems Security Professional). The DIT is supported by members of senior management who provide cross-functional support for cybersecurity risk management and facilitate the response to any cybersecurity incidents. The Company s DIT oversees the Company s cybersecurity incident response plan and related processes that are designed to assess and manage material risks from cybersecurity threats. The Company s DIT also coordinates with the Company s legal counsel and third parties, such as consultants, to assess and manage material risks from cybersecurity threats. The Company s DIT is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity incidents pursuant to criteria set forth in the Company s incident response plan and related processes. The Company s Disclosure Committee, with the assistance of the DIT, is responsible for overseeing the establishment and effectiveness of controls and other procedures, including controls and procedures related to the public disclosure of material cybersecurity matters. The Company s Disclosure Committee is comprised of, among others, the Company s Chief Executive Officer, President, Chief Financial Officer, General Counsel, and Senior Vice Presidents. The Company s DIT, or a delegate, informs the Disclosure Committee of certain cybersecurity incidents that may potentially be determined to be material pursuant to escalation criteria set forth in the Company s incident response plan and related processes. As of the date of this Form 10-K, the Company is not aware of any cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition and that are required to be reported in this Form 10-K. For further discussion of the risks associated with cybersecurity incidents, see the cybersecurity risk factor beginning on page 8 of the section entitled Item 1A. Risk Factors in this Form 10-K. 13 Table of Contents

Company Information