PLBY Group, Inc. 10-K Cybersecurity GRC - 2024-03-29

Page last updated on April 11, 2024

PLBY Group, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-29 15:24:41 EDT.

Filings

10-K filed on 2024-03-29

PLBY Group, Inc. filed an 10-K at 2024-03-29 15:24:41 EDT
Accession Number: 0001803914-24-000022

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We understand our responsibility to assess, identify, and manage material risks associated with cybersecurity threats and incidents, as such terms are defined in Item 106(a) of Regulation S-K. Such risks include, among other things: operational disruptions, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy and/or security laws. Identifying, assessing and managing cybersecurity risk is part of our overall risk management strategy. Cybersecurity risks related to our business, technical operations, privacy and compliance requirements are identified and addressed through third party security software, information technology (IT) security protocols, governance oversight, and risk and compliance reviews. To defend, detect and respond to cybersecurity incidents, we, among other things: conduct routine privacy and cybersecurity reviews of systems and applications, conduct employee training, monitor emerging laws and regulations related to data protection and information security (including with respect to our digital products) and implement changes as necessary. Our cybersecurity program is primarily overseen by our Interim Chief Information Officer and Senior Director of IT Infrastructure. They work closely with their information technology team and our senior management to develop and advance our cybersecurity strategy, as well as to respond to cybersecurity incidents. Our cybersecurity leaders report to our Chief Operating Officer and General Counsel on cybersecurity matters and collaborate with technical and business stakeholders across our business units to assess risks and implement strategies. 36 With the assistance of third-party software, including appropriate firmware, we manage cybersecurity risk through establishing defenses against incidents, detecting and reporting cybersecurity incidents, analyzing and assessing incidents and potential responses, implementing applicable containment, eradication and recovery actions, and understanding the reasons leading to a cybersecurity incident and appropriate changes to avoid further incidents. We perform routine reviews of our service providers, for third-party risk management, and regularly push out security updates across our business. Our cybersecurity measures are intended to protect against unauthorized access to information, and they include authentication technology, entitlement management, access control, anti-malware software, and transmission of data firewalls. We describe whether and how risks from identified cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, in our risk factor disclosures in Item 1A of this Annual Report on Form 10-K. During the years ended December 31, 2022 and 2023, we did not, to our knowledge, experience any cybersecurity incidents or breaches that materially impacted our business, performance or results. Governance Our Board has overall responsibility for risk oversight, with its committees assisting the Board in performing this function based on their respective areas of expertise. Our Board has delegated primary oversight of risks related to cybersecurity to the Audit Committee of the Board, which reports on its activities and findings to the full Board as appropriate. The Audit Committee is charged with reviewing our cybersecurity processes for assessing key strategic, operational, and compliance risks. Our General Counsel, Chief Operating Officer and/or our Interim Chief Information Officer (as applicable) provide information to the Audit Committee on cybersecurity risks from time to time or as needed. These briefings include assessments of cybersecurity risks, information regarding any incidents, and cybersecurity risk management needs. Our Interim Chief Information Officer and his team, including the Senior Director of IT Infrastructure have extensive experience in cybersecurity, complemented by industry-standard certifications, and are committed to safeguarding organizational assets and mitigating cybersecurity risks effectively while efficiently leveraging cloud technologies to meet the needs of our business. In the event of a potentially material cybersecurity event, the Chair of the Audit Committee is notified and briefed, and meetings of the Audit Committee and/or full Board would be held, as appropriate.

Company Information