Snail, Inc. 10-K Cybersecurity GRC - 2024-04-01

Page last updated on April 11, 2024

Snail, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-01 16:21:45 EDT.

Filings

10-K filed on 2024-04-01

Snail, Inc. filed an 10-K at 2024-04-01 16:21:45 EDT
Accession Number: 0001493152-24-012392

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management, Strategy and Governance. Cybersecurity Risk Management Due to the nature of our business we face a variety of potential cybersecurity risks that are ever evolving and include unauthorized access to our systems and data, disruption of our online game services, theft of intellectual property, and third-party risks as a result of our use of various third party service providers and cloud service providers. The Company s risks related to our end user data is borne by our platform partners as we do not maintain any sensitive information of our players within our infrastructure. There have been no cybersecurity threat events identified during the year ended December 31, 2023, which have resulted in a material incident, or are reasonably likely to result in a material impact on our business strategy, results of operations or financial condition. For more information regarding risks relating to intellectual property and cybersecurity related attacks, see Item 1A of Part I, Risk Factors Risks Related to Intellectual Property and Risk Factors Risks Related to Our Business and Industry of this Annual Report. Cybersecurity Strategy We are working towards the implementation of relevant controls within the National Institute of Standards and Technology ( NIST ) Cybersecurity Framework to better address cybersecurity threats and are actively working to secure additional cybersecurity insurance. The Company has a risk management plan that outlines the processes and procedures we use to identify, assess, mitigate and respond to cybersecurity risks. The plan is designed to protect the Company s assets and safeguard the confidentiality, integrity and availability of its data and operations. Our cybersecurity risk management plan is integrated into the Company s overall risk management process and establishes a clear framework with roles and responsibilities for managing cybersecurity risks. We will also conduct periodic assessments using the NIST framework once implemented. The Company currently uses a variety of security controls, including but not limited to firewalls, intrusion detection systems, data encryption in transit and at rest, and multi-factor authentication. We provide annual training to our employees and educate them on cybersecurity best practices. The Company is also developing a comprehensive incident response plan to detect, respond to, assess the materiality of, and recover from cybersecurity incidents effectively which it expects to be fully implemented during the year ending December 31, 2024. Cybersecurity Governance The Company s executive management considers cybersecurity risk and other information technology risk as part of its risk oversight and has the ultimate responsibility for overseeing our cybersecurity strategy. Furthermore, during the year ended December 31, 2023 we have bolstered our Board of Directors through the appointment of a Director with an extensive history in cybersecurity and a deep understanding of cybersecurity threats which may have a material impact on our business and the video game industry as a whole. Our Director of IT has been with the Company for nine years, has fifteen years of IT experience and has the institutional knowledge to apply our risk management strategy and cybersecurity threat responses to our organization. The Director of IT implements continuous monitoring mechanisms to track cybersecurity risks and controls in real time, utilizing an endpoint detection and response system ( EDR ). Incidents reported by the EDR are assessed and responded to by the Director of IT, then reported to the CEO, who s also the chairman of our corporate governance committee, for review and communicated to the Board of Directors. On a quarterly basis the Director of IT reports cybersecurity monitoring updates to the CEO, coordinates with our newly appointed Board Member to implement our information technology and cybersecurity programs, as well as with our HR Manager to ensure that the Company s employees have the adequate training on cybersecurity best practices.

Company Information