MARKETWISE, INC. 10-K Cybersecurity GRC - 2024-03-07

Page last updated on April 11, 2024

MARKETWISE, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-07 07:33:42 EST.

Filings

10-K filed on 2024-03-07

MARKETWISE, INC. filed an 10-K at 2024-03-07 07:33:42 EST
Accession Number: 0001628280-24-009542

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy We maintain a cybersecurity program, including policies and procedures designed to protect our systems, operations, and the data utilized and entrusted to us, including by us, from anticipated threats or hazards. We utilize a variety of protective measures as a part of our cybersecurity program. These measures include, where appropriate, access controls, patch management, identity verification and endpoint management software, employee cybersecurity awareness training programs, tools to report anomalous activity, and monitoring of data usage, hardware and software. Incident Response and Recovery Planning. We have established and maintain incident response and recovery plans that address our response to a cybersecurity incident, and such plans are evaluated on a regular basis. Third-Party Risk Management. We maintain a risk-based approach to identifying and overseeing cybersecurity risks presented by third parties, including vendors, service providers and other external users of our systems, as well as the systems of third parties that could adversely impact our business in the event of a cybersecurity incident affecting those third-party systems. Education and Awareness. We provide regular training for our employees regarding cybersecurity threats and our security policies to equip our employees with tools to address cybersecurity threats, and to communicate our evolving information security policies, standards, processes and practices. In addition to our internal exercises to test aspects of our cybersecurity program, we periodically engage independent third parties to assess the risks associated with our information technology resources and information assets. Among other matters, these third parties analyze data on the interactions of users of our information technology resources, including our employees, and conduct penetration tests and scanning exercises to assess the performance of our cybersecurity systems and processes. We have not identified any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, cash flows, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced undetected cybersecurity incidents. Cybersecurity Governance Our Board, in coordination with the Nominating and Governance ( Nom Gov ) Committee, oversees our cybersecurity program, including the management of risks from cybersecurity threats. The Nom Gov Committee receives regular presentations and reports on cybersecurity risks from our Chief Information Officer ( CIO ), which address a wide range of topics including recent developments, vulnerability assessments, third-party and independent reviews, the threat environment, incident response planning, remediation efforts, employee training and awareness (including the results of our annual cybersecurity training), and information security considerations arising with respect to our peers and third parties. On a regular basis, our Nom Gov Committee discusses our approach to cybersecurity risk management with our CIO, including planned initiatives to help the Board evaluate the effectiveness of our cybersecurity program. The Board receives occasional updates from the Nom Gov Committee and CIO on the effectiveness of our cybersecurity program. When appropriate, the Board also receives reports concerning the detection, mitigation and remediation of cybersecurity threats and incidents Our CIO has over 25 years of software engineering experience including over ten years of being responsible for MarketWise s cybersecurity. In coordination with our executive team, our CIO and our Senior Vice President of IT Operations work collaboratively across the Company to implement a program intended to protect our information 41 systems from cybersecurity threats and to promptly respond to any cybersecurity incidents in accordance with our incident response plan. Our CIO and management monitor the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time and report such threats and incidents to the Board.

Company Information