Falcon's Beyond Global, Inc. 10-K Cybersecurity GRC - 2024-04-29

Page last updated on April 29, 2024

Falcon’s Beyond Global, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-29 08:33:43 EDT.

Filings

10-K filed on 2024-04-29

Falcon’s Beyond Global, Inc. filed an 10-K at 2024-04-29 08:33:43 EDT
Accession Number: 0001213900-24-036854

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We recognize the importance of cybersecurity risk and the protection of information across our enterprise and have been working towards the integration of our processes for assessing, identifying, and managing risks from cybersecurity threats into our overall risk management system. As further described in Item 1A Risk Factors , our operations rely on the secure processing, storage and transmission of confidential and other information as well as personal information in our computer systems and networks. 56 We rely on third parties for a significant portion of our information technology functions and conduct periodic risk assessments with assistance from a third-party consultant. We also rely on third-party hardware, software, network infrastructure, storage systems and vendors to maintain and upgrade our technology systems in order to support our business operations. Computer viruses, hackers, employee misconduct and other external hazards can expose our information systems to security breaches, cybersecurity incidents or other disruptions, any of which could materially and adversely affect our business. As previously disclosed, in May 2023, we experienced a network intrusion in which an unauthorized third party accessed and exfiltrated certain information from specific systems. In response to this incident, we secured our digital assets within our computer systems, promptly shut down our financial reporting systems on a temporary basis and commenced an investigation with assistance from an outside cybersecurity firm. In connection with this incident, we have incurred certain incremental one-time costs of $0.3 million during the 2023 fiscal year related to consultants, experts and data recovery efforts, and expect to incur additional costs related to cybersecurity protections in the future. Although we have not been the subject of any legal proceedings involving cybersecurity incidents, it is possible that we could be the subject of claims from persons alleging that they suffered damages from such incidents. We have implemented a variety of measures to enhance our cybersecurity protections and minimize the impact of any future attack, including by (i) requiring that all external vendors who need to access any internal/cloud resources utilize secure encrypted tunnels or be physically internal and utilize authorized terminals with provided credentials, (ii) conducting security awareness training for our staff and (iii) requiring longer log retention for all tracking telemetry information. However, cybersecurity threats are constantly evolving, and there can be no guarantee that a future cybersecurity event will not occur. The sophistication of cybersecurity threats continues to increase, and the controls and preventative actions we take to reduce the risk of cybersecurity incidents and protect our systems, including through the regular testing of our cybersecurity incident response plan, may be insufficient. In addition, new technology that could result in greater operational efficiency such as the use of artificial intelligence may further expose our computer systems to the risk of cybersecurity incidents. Governance As part of our overall risk management approach, we seek to prioritize the identification and management of cybersecurity risk at several levels in our organization, including through oversight by our Board of Directors and management team. Our Board of Directors oversees risk from cybersecurity threats and our procedures for protecting our cybersecurity infrastructure, and members of management responsible for our cybersecurity risk management program are expected to periodically report to the Board of Directors regarding cybersecurity risk. Our Executive Vice President of Technology has nearly 20 years of experience working in technology and technology infrastructure and has completed college coursework in computer engineering. Together with our Chief Corporate Officer and Chief Development Officer, our Executive Vice President of Technology oversees our cybersecurity risk management processes, including those described in Risk Management and Strategy above. Our cybersecurity risk management program seeks to implement tools and activities to prevent, detect, and analyze current and emerging cybersecurity threats, as well as strategies to address threats and incidents. At the employee level, we maintain an information technology team tasked with implementing our privacy and cybersecurity program and who support management in reporting, security and mitigation functions. We also hold employee trainings on privacy and cybersecurity, records and information management, conduct phishing tests and generally seek to promote awareness of cybersecurity risk through communication and education of our employee population. 57

Company Information