CuriosityStream Inc. 10-K Cybersecurity GRC - 2024-03-25

Page last updated on April 11, 2024

CuriosityStream Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-25 16:21:07 EDT.

Filings

10-K filed on 2024-03-25

CuriosityStream Inc. filed an 10-K at 2024-03-25 16:21:07 EDT
Accession Number: 0001628280-24-012902

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity
ITEM 1C. CYBERSECURITY We have established a comprehensive, enterprise-wide information security program designed to identify, protect against, detect, respond to, and manage reasonably foreseeable cybersecurity risks and threats. This program is seamlessly integrated into our overall risk management and internal control systems, subject to regular reviews by senior management. It significantly enhances the security, confidentiality, integrity, and availability of the personal and sensitive information we collect, create, use, and maintain. By conducting regular risk assessments, we believe we effectively manage both internal and external cybersecurity threats. Our cybersecurity strategy is specifically tailored to our organization’s size, scope, and business needs, emphasizing the protection of customer and employee data. Our security infrastructure includes advanced tools and protocols, such as firewall protections, secure user authentication, and up-to-date antivirus and internet security software, which we believe are fundamental components of our operational protocols designed to mitigate vulnerabilities and efficiently address security incidents. We also assess and manage cybersecurity risks associated with our third-party service providers. We require the implementation of security measures that align with our established security policies and protocols as well as compliance with applicable legal requirements. The ongoing improvement of our cybersecurity measures is overseen by our Vice President of Engineering, who is part of our Chief Operating Officer organization and manages the Information Technology team, and the designated Data Security Coordinator, encompassing regular program reviews, risk assessments, and employee training sessions to fortify our proactive security posture. We do not employ or engage any third parties to assist with cybersecurity consulting or monitoring other than technical support teams from our application vendors. In the normal course of business, we proactively manage and monitor cybersecurity activities. To date, these efforts have successfully prevented any incidents that could materially affect our business strategy, operational results, or financial condition. We remain vigilant and are not currently aware of any threats that pose a material risk. We believe our detailed incident response procedures enable us to effectively manage and mitigate the impacts of security breaches. Continuous monitoring and post-incident analysis further refine our security strategies, enhancing our protective measures. Our Board and the Audit Committee provide oversight over our cybersecurity efforts and stay regularly informed on cybersecurity matters, including emerging risks and mitigation strategies, to ensure informed governance over our enterprise risk assessments and cybersecurity approach. Cybersecurity matters are discussed regularly with senior management, and any significant cybersecurity events are promptly reported to the Board. For additional information about cybersecurity risks, see Risk Factors, Any significant disruption in or unauthorized access to our computer systems or those of third parties that we utilize in our operations, including those relating to cybersecurity or arising from cyber-attacks, could result in a loss or degradation of service, unauthorized access, harm to our reputation, disclosure or destruction of data, including user and corporate information, or theft of intellectual property, including digital content assets, which could adversely impact our business.

Company Information