Super League Enterprise, Inc. 10-K Cybersecurity GRC - 2024-04-12

Page last updated on April 15, 2024

Super League Enterprise, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-12 19:59:27 EDT.

Filings

10-K filed on 2024-04-12

Super League Enterprise, Inc. filed an 10-K at 2024-04-12 19:59:27 EDT
Accession Number: 0001437749-24-011939

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We recognize the importance of cybersecurity risk management and have a defined strategy to support our business operations, platforms and information systems. We have implemented a comprehensive cybersecurity program to protect information systems and data. We have based our cybersecurity program on defined industry accepted frameworks with the goal of building enterprise resilience against an evolving cybersecurity threat landscape and to respond to cybersecurity threats as they materialize. Our program includes identification, assessment, monitoring, and management components, as well as informational and escalation components designed to inform management and the Board of prospective risks and developments. Our cybersecurity program encompasses functions dedicated to both proactive and reactive management of cybersecurity threats. We implement our cybersecurity program internally through maintaining cybersecurity policies deploying updated security technologies and using third-party services and consultants to support and improve our cybersecurity program. Our proactive management of cybersecurity risks entails many actions, including actively monitoring our information technology systems engaging service providers to monitor and, as appropriate, respond to cybersecurity threats developing and updating incident response plans to address potential cybersecurity threats and training our personnel on cybersecurity. We engage third-party auditors and consultants and leverage our internal information security, audit, and compliance functions to assess various facets of our cybersecurity program. We also maintain enterprise-wide processes to oversee and identify risks from cybersecurity threats associated with our use of third-party service providers. We assess cybersecurity contingencies within our overall business continuity risk management planning process. Our information technology and information security teams utilize various technology tools to prevent, monitor, detect, and respond to cybersecurity threats. Our incident response policy outlines processes, roles, responsibilities, notifications, and other communications applicable to the assessment, mitigation, and remediation of realized cybersecurity events. The nature and scope of assessed risk of a realized cybersecurity event dictates the pace and extent of relevant processes, and communications, including an evaluation of any necessary or required disclosure. Depending on its nature and scope, a cybersecurity threat may be managed within our IT Department, responsible for day-to-day management of cybersecurity risks, and escalated to our executive management team, the Board, and the Audit Committee, as appropriate. 34 Table of Contents We have not historically been materially impacted by risks from cybersecurity threats and, as of the date of this Annual Report on Form 10-K, we are not aware of any cybersecurity risks that are reasonably likely to materially affect our business. However, the breadth and scope of cybersecurity threats have grown over time and our systems and networks may be the target of increasingly sophisticated cyberattacks. For more information on our cybersecurity risks and their potential impact to our business, see Item 1A, Risk Factors-Risks related to Our Business and Industry - We may experience security breaches and cyber threats and Item 1A, Risk Factors-Risks related to Our Business and Industry - Our business could be adversely affected if our data privacy and security practices are not adequate, or perceived as being inadequate, to prevent data breaches, or by the application of data privacy and security laws generally . Governance Our board considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee (the Committee ) oversight of cybersecurity and other information technology risks. The Committee oversees management s implementation of our cybersecurity risk management program. Our IT Department updates management on cybersecurity matters, including risk assessments, security controls, incident response procedures, employee training and Third-Party Risk Management. The Committee oversees the Company’s cybersecurity risk management and strategy, while management is responsible for implementing the Company’s cybersecurity program. This approach ensures that cybersecurity risks are appropriately prioritized and managed throughout the organization. Our Chief Platform Officer has 25 years of experience in information technology, including cybersecurity, and is supplemented by our VP of Devops, who also has over 15 years of experience in audit, compliance, and cybersecurity, and maintains IT and Ops professional certifications. In addition to the IT Department, the VP of Devops may call upon other business and legal stakeholders across our company to help manage cybersecurity threats and incidents. Our Audit Committee is responsible for oversight of our programs, policies, procedures, and risk management activities related to information security and data protection. The Audit Committee meets periodically with the Chief Platform Officer to discuss threats, risks, and ongoing efforts to enhance cyber resiliency, as well as changes to the broader cybersecurity landscape. Our Board also periodically participates in presentations on cybersecurity and information technology from internal leadership. In addition to periodic presentations, management promptly updates our Board and Audit Committee regarding significant threats and incidents as they arise.

Company Information