GAN Ltd 10-K Cybersecurity GRC - 2024-03-13

Page last updated on April 11, 2024

GAN Ltd reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-13 06:31:37 EDT.

Filings

10-K filed on 2024-03-13

GAN Ltd filed an 10-K at 2024-03-13 06:31:37 EDT
Accession Number: 0001493152-24-009759

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY In the ordinary course of our business, we collect, process, store, and transmit players data, including confidential, sensitive, proprietary, and personal information. Maintaining the confidentiality, integrity and availability of our information technology systems and data, as well as appropriate limitations on access to such information, is important to our operations and business strategy. To this end, we have implemented various Information Security programs aligned to ISO and NIST cyber security frameworks with functions incorporating the Identify , Protect , Detect , Respond , and Recover concepts. They are designed to assess, identify, and manage risks from potential unauthorized occurrences on or through our information technology systems that may result in adverse effects on the confidentiality, integrity, and availability of these systems and the data residing in them. The security program is managed and monitored by a dedicated Information Security team, which is led by our Vice President of Global Information Security, the Company s designated Chief Information Security Officer ( CISO ), and includes mechanisms, controls, technologies, systems, policies and other processes designed to prevent, detect, respond, and recover from data loss, theft, misuse, or other security incidents or vulnerabilities affecting the systems and data residing in them. For example, we have adopted a risk-based approach to security which includes continuous risk assessments, vulnerability scans and periodic penetration and testing. We perform due diligence on our key technology vendors and other contractors and suppliers. We also conduct employee training on cyber and information security, among other topics. Our security program is subjected to independent external audits annually to evaluate the effectiveness of our security program and identify areas for continuous improvement. Our CISO, who reports directly to the Chief Technology Officer, is a Certified Information Systems Security Professional with over 20 years of experience managing information technology and cybersecurity matters, including more than four years in gaming and two years at GAN Limited. Members of the information security team who support the security program hold relevant educational and professional credentials with experience in similar roles from other technology companies. The CISO and Information Security team, together with our Privacy and Data Protection Team, led by a dedicated Data Protection Officer are responsible for assessing and managing cybersecurity risks. We consider cybersecurity, along with other significant risks that we face, within our overall enterprise risk management framework. In the last fiscal year, we have not identified any prior cybersecurity incidents that have materially affected us, but we face certain ongoing risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us. Additional information on cybersecurity risks we face is discussed in Part I, Item 1A, Risk Factors . The Board of Directors, as a whole and at the committee level, has oversight for the most significant risks facing us and for our processes to identify, prioritize, assess, manage, and mitigate those risks. The Board of Directors receive updates on cybersecurity and information technology matters and related risk exposures from our CISO and CTO as well as other members of the senior leadership team.

Company Information