Brag House Holdings, Inc. 10-K Cybersecurity GRC - 2025-05-07

Page last updated on May 26, 2025

Brag House Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-05-07 17:27:19 EDT.

Filings

10-K filed on 2025-05-07

Brag House Holdings, Inc. filed a 10-K at 2025-05-07 17:27:19 EDT
Accession Number: 0001213900-25-040732

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy Brag House relies on cloud-based infrastructure, proprietary software systems, and third-party service providers to operate its digital media platform, which is focused on engaging Gen Z audiences through casual gaming, college sports, and social experiences. As a technology-enabled media company, we recognize the importance of cybersecurity in protecting our digital assets, user engagement data, and strategic operations. We are in the process of formalizing a cybersecurity risk management program tailored to our current scale and evolving operations. Our risk management efforts are focused on foundational protections, including the use of secure infrastructure (e.g., cloud-hosted environments via Amazon Web Services), hardware-based protections (e.g., exclusive use of Apple systems by key internal personnel such as our Chief Executive Officer), and security features such as multi-factor authentication (MFA) for key accounts and tools. We also maintain a cyber liability insurance policy intended to mitigate potential financial impacts arising from cyber threats. To support our technical development and operational scalability, Brag House partnered and is engaged with two experienced technology companies-Artemis and EVEMeta. Both companies work under the supervision of Brag House executive management and are led by a shared Chief Technology Officer with extensive experience in enterprise-scale software development and infrastructure management. These technology partners are integral to our engineering and product support, and we coordinate closely with them on matters relating to information security, data protection, and secure development practices. We understand that cybersecurity threats-ranging from phishing to more sophisticated forms of intrusion-are dynamic and evolving. While we have not, to date, experienced any cybersecurity incidents that have materially affected our operations, results of operations, or financial condition, we continue to monitor our risk exposure and expect to expand our cybersecurity infrastructure and governance as our business matures. For additional information about risks related to our use of technology and data, see the section entitled “Risk Factors” in this Annual Report on Form 10-K. Governance The oversight of cybersecurity risk at Brag House is currently managed by our senior executive team, including our Chief Executive Officer and Chief Operating Officer, who work closely with our technology partners to monitor, assess, and manage our exposure to cybersecurity threats. While we do not currently maintain an internal Chief Information Security Officer or formal risk committee at the board level, cybersecurity is included as part of our broader operational and strategic risk review process. Our CEO and COO receive regular updates from Artemis and EVEMeta regarding technology system integrity, cybersecurity considerations, and best practices. These updates include assessments of vulnerabilities, product-related security implications, and measures to address emerging risks. As our company continues to grow and mature, we expect to enhance our internal cybersecurity governance processes, including formalizing responsibilities, increasing engagement with external experts, and providing regular briefings to our Board of Directors on relevant cybersecurity developments. We have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us. However, like other companies in our industry, we and our third-party vendors have from time-to-time experienced threats to and security incidents relating to our information systems. For more information, please see “Risk Factors - Our business could be adversely affected if our data privacy and security practices are not adequate, or perceived as being inadequate, to prevent data breaches, or by the application of data privacy and security laws generally” and “Risk Factors - A failure of Brag House’s information technology (IT) and data security infrastructure could adversely impact our business, operations, and reputation.”

Company Information