Reservoir Media, Inc. 10-K Cybersecurity GRC - 2025-05-28

Page last updated on May 30, 2025

Reservoir Media, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-05-28 16:05:31 EDT.

Filings

10-K filed on 2025-05-28

Reservoir Media, Inc. filed a 10-K at 2025-05-28 16:05:31 EDT
Accession Number: 0001410578-25-001379

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We maintain robust and comprehensive processes, procedures and controls to protect and secure our information systems and data infrastructure from cybersecurity threats. Our cybersecurity program is led by our Vice President of Technology , who functions as our chief information security officer (" CISO “). Our CISO has over 20 years of experience in information technology leadership and information security, serving in roles of increasing responsibility within private and public companies. Our cybersecurity program interfaces with other functional areas within the Company, including but not limited to our business segments and information technology (” IT “) and legal departments, as well as external third-party partners , to identify and understand potential cybersecurity threats, including those associated with any third-party service providers we may use. We regularly assess and update our processes, procedures and management techniques in light of ongoing cybersecurity developments. We also have a cybersecurity specific risk assessment process, which helps identify our cybersecurity threat risks by comparing our processes to standards set by the International Organization for Standardization (” ISO “). Our cybersecurity risk program is integrated into our overall enterprise risk management assessment, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program. Internally, the CISO coordinates oversight of reviewing security alerts, identifying and monitoring ongoing and potential cybersecurity threats, evaluating strategic business impacts of cybersecurity threats and developing programs and initiatives to educate our employees regarding cybersecurity. The CISO also manages our Incident Response Team, which includes a team comprised of executives from various cross - functional management teams, internal technical support roles and external third - party service providers. The Incident Response Team will analyze and, as necessary, escalate cybersecurity incidents both internally and with third - party service providers based on type and severity of the specific incident. We also require cybersecurity training for relevant employees, focusing on the appropriate protection and security of confidential company and third-party information. The IT team provides regular updates to senior management on various cybersecurity threats, assessments and findings, and the effectiveness of the Company’s cyber risk management program. Our Board of Directors through the Audit Committee oversees our risk management , including our information technology and cybersecurity policies, procedures, and risk assessments . Management reports to our Disclosure Committee and Board of Directors on information security matters as necessary, regarding any significant cybersecurity incidents, as well as any incidents with lesser impact potential. As of the date of this Form 10-K, the Company is not aware of any cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations, or financial condition and that are required to be reported in this Form 10-K. However, the sophistication of cyber threats continues to increase, and the preventative actions we have taken and continue to take to reduce the risk of cyber incidents and protect our systems and information may not successfully protect against all cyber incidents. Should any reportable cybersecurity incident arise, our management shall promptly report such matters to our Board of Directors for further action, including regarding the appropriate disclosure in accordance with SEC regulations, mitigation, and other response or actions that the Board of Directors deems appropriate. For more information on how cybersecurity risk may materially affect our business strategy, results of operations, or financial condition, please refer to Item 1A Risk Factors-If we or our service providers do not maintain the security of information relating to our customers, employees and vendors and our music, security information breaches through cyber security attacks or otherwise could damage our reputation with customers, employees, vendors and artists, and we could incur substantial additional costs, become subject to litigation and our results of operations and financial condition could be adversely affected.”

Company Information