MNTN, Inc. 10-K Cybersecurity GRC - 2026-02-19

Page last updated on February 19, 2026

MNTN, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-19 21:47:31 EST.

Filings

10-K filed on 2026-02-19

MNTN, Inc. filed a 10-K at 2026-02-19 21:47:31 EST
Accession Number: 0001891027-26-000019

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk assessment and risk management procedures. We routinely assess material risks from cybersecurity threats, including any potential unauthorized occurrence on, or conducted through, our information systems, that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein. As part of our overall risk management system, we have implemented an information security incident response process to consistently detect, respond, and report incidents, minimize loss and destruction, mitigate the weaknesses that were exploited, and restore information system functionality and business continuity as soon as possible. These processes include continuous monitoring of threats through intrusion detection systems and other monitoring applications, procedures for identifying, responding, assessing and analyzing information security incidents, and the communication of information security incidents with internal and external stakeholders. We operate exclusively on third-party hosted servers that are accessed via web applications. All physical and environmental security controls are maintained by our third-party hosting partners. We review their SOC-2 reports at least annually to ensure the existence and effective operation of their physical security controls. We engage third parties to perform penetration tests of our systems. As of the date of this report, we have not experienced any cybersecurity incidents that have materially affected us, including our business strategy, results of operations, or financial condition. For certain risks from cybersecurity threats that may materially affect our business strategy, results of operations, or financial condition, see Item 1A, "Risk Factors," including the section titled, "Platform outages or disruptions, including any interruptions due to cyberattacks or other cybersecurity incidents, or our or our third-party providers' failure to maintain adequate security and supporting infrastructure as we scale, could damage our reputation and our business, results of operations, and financial condition." Governance Our Board of Directors considers cybersecurity risk as part of its risk oversight function and has delegated to the Audit Committee oversight of cybersecurity and other information technology risks. The Audit Committee oversees management's implementation of our cybersecurity risk management program. Our Chief Technology Officer ("CTO") oversees engineering, production operations and program management. In this role, he is responsible for the Information Security Management System ("ISMS"), within which all our internal and customer-facing IT systems operate. In addition to our CTO, the rest of our executive leadership is involved in the design, review and approval of all ISMS policies. Our CTO has over 20 years of experience building and shipping stable, secure IT systems and products at multiple enterprises. Our engineering team is comprised of technically skilled professionals with multiple industry security certifications, including CISSP and CCSP. In addition, our Senior Director of IT and Infrastructure has over 20 years of experience in cybersecurity, including monitoring, detecting, mitigating, and preventing cybersecurity incidents. The CTO and senior members of our engineering team provide quarterly updates to the Audit Committee regarding our cybersecurity risks and activities, including any known cybersecurity incidents and related responses.

Company Information