Fluent, Inc. 10-K Cybersecurity GRC - 2024-04-02

Page last updated on April 11, 2024

Fluent, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-02 16:41:53 EDT.

Filings

10-K filed on 2024-04-02

Fluent, Inc. filed an 10-K at 2024-04-02 16:41:53 EDT
Accession Number: 0001437749-24-010639

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. We have made cybersecurity and the protection of our customer’s data a top priority. The critical areas that we consider for our evolving cybersecurity program include access control data encryption SSDLC/change management BCP/DRP endpoint security patch management vulnerability assessments compliance management data privacy incident response monitoring, alerting, and lodging employee training and cyber insurance. Risk Management & Strategy Our cyber risk management program is designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. To help protect our company from a major cybersecurity incident that could have a material impact on operations or our financial results, we have implemented policies, procedures, programs and controls, including investments in technology that focus on cybersecurity incident prevention, identification and mitigation. The underlying controls of the cyber risk management program are based on recognized best practices and standards for cybersecurity and information technology, including the National Institute of Standards and Technology (“NIST”). We execute an NIST 800 - 53 review annually and use the results of existing cyber risks to prioritize projects designed to address these gaps and create a go-forward strategy. Our internal and external auditors review our IT and cybersecurity controls annually for design and operating effectiveness. Governance Our Cybersecurity Program is governed by the Company’s IT and Legal and Compliance teams. Our Chief Technology Officer (“CTO”) has over 20 years of experience in marketing technology and analytics. Our Vice President of IT Governance, Risk and Compliance (“VP of IT”) has over 20 years of experience in IT internal and external audits, IT consulting, and governance, risk, and compliance. Our General Counsels regularly coordinates with the IT team on data security and compliance issues. The CTO and General Counsels report directly to the Chief Executive Officer (“CEO”), so any material issues are raised to CEO, and a status of key cybersecurity projects and any material breaches is provided quarterly to the Board’s Audit Committee, which includes both an internal and external audit. Incident Disclosure and Materiality Our incident management procedures include identification, evaluation, definition, and escalation based on the determination of materiality. This determination involves the Company’s IT and Legal and Compliance teams, executive officers, and cyber insurance provider. Breach notifications and escalation to the Audit Committee would also be based on the materiality determination. Each quarter, the VP of IT provides an update on key cybersecurity projects and any material breaches at the quarterly Audit Committee meeting, at which both the internal and external auditors are present. While we did not experience a material cybersecurity incident during the year ended December 31, 2023, the scope and impact of any future incident cannot be predicted. Notwithstanding the approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on our business, results of operations, or financial condition. See Item 1A. “Risk Factors” for more information on our cybersecurity-related risks.

Company Information