Match Group, Inc. 10-K Cybersecurity GRC - 2026-02-26

Page last updated on February 26, 2026

Match Group, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-26 16:51:17 EST.

Filings

10-K filed on 2026-02-26

Match Group, Inc. filed a 10-K at 2026-02-26 16:51:17 EST
Accession Number: 0000891103-26-000025

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy Match Group maintains an information security program designed to identify, protect against, detect, respond to, and manage reasonably foreseeable cybersecurity risks and threats. Our information security teams, led by our Senior Vice President, Security Engineering, is responsible for assessing and managing our exposure to information security risks, including by: - Implementing and enforcing physical, operational and technical security policies, procedures and controls; - Conducting, and engaging independent third-party experts to conduct, when appropriate, internal and external security assessments and audits, including assessments of our cybersecurity policies, standards, processes, and practices, and the security posture of third-party vendors and partners; and - Collaborating with our development teams to engineer and integrate security as part of the product development lifecycle. We have implemented cybersecurity controls to attempt to detect and address threats arising from our use of third-party service providers. We have established incident response and recovery plans across Match Group's businesses, and we have conducted cybersecurity awareness training for our employees, including incident response personnel and senior management. For key third parties, security risk assessments are conducted during onboarding, contract renewal, and when an increased risk profile is identified. We also require specified security controls and other responsibilities from our service providers and we investigate security incidents affecting them as deemed necessary. Our policies, standards, processes and practices for assessing, identifying, and managing material risks from cybersecurity threats are integrated into our overall risk management program and are based on frameworks established by the International Organization for Standardization ("ISO") and other applicable industry standards. This does not imply that we meet any particular technical standards, specifications or requirements, only that we use ISO and other applicable industry standards as guides to help us identify, assess and manage cybersecurity risks relevant to our business. We have also obtained various industry certifications and attestations that demonstrate our dedication to protecting the data our users entrust to us, including for Tinder and Hinge. We conduct periodic reviews and tests of our information security program and leverage audits by our internal audit team and testing by our red team. When appropriate, we employ external services to conduct tabletop exercises, penetration and vulnerability testing, simulations, and other exercises to evaluate the effectiveness of our information security program and improve our security measures and planning across Match Group's businesses. The results of these assessments are reported to the Audit Committee of our Board of Directors. We have not identified risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us. However, we face ongoing risks from cybersecurity threats that, if realized, are reasonably likely to materially affect our business strategy, results of operations, or financial condition, and our systems periodically experience directed attacks intended to lead to interruptions and delays in our service and operations as well as loss, misuse or theft of personal information (of third parties, employees and our users) and other data, confidential information or intellectual property. Any significant disruption to our service or unauthorized access to our systems could result in a loss of users and adversely affect our business, financial condition, and results of operations. Further, a penetration of our systems or a third-party's systems or other misappropriation or misuse of personal information could subject us to business, regulatory, litigation and reputation risk, which could have a negative effect on our business, financial condition, and results of operations. While Match Group maintains cybersecurity insurance, the costs related to cybersecurity threats or disruptions may not be fully insured. For additional discussion of cybersecurity risks, see "Item 1A Risk factors-Risks relating to our business-We may not be able to protect our systems and infrastructure from cyberattacks and may be adversely affected by cyberattacks experienced by third parties." Governance Board Oversight Our Board of Directors, in coordination with the Audit Committee, oversees our management of cybersecurity risk, including our annual risk assessment, where we assess key risks within the company, including security and technology risks and cybersecurity threats. The Audit Committee directly oversees our cybersecurity program. The Audit Committee receives regular cybersecurity updates from management. Cybersecurity reviews by the Audit Committee or the Board of Directors occur regularly, including as determined to be necessary or advisable. Management's Role Our cybersecurity program is managed by our SVP, Security Engineering, who reports to our Chief Legal Officer . Our SVP, Security Engineering, has over 20 years of industry experience, including serving in similar roles leading and overseeing cybersecurity programs at other public companies. Our information security program encompasses partnerships among teams that are responsible for cyber governance, prevention, detection and remediation activities within our cybersecurity environment. Team members have relevant certifications, educational and industry experience, including experience holding similar positions at other large technology companies. The information security teams provide regular reports to senior management and other relevant teams on various cybersecurity threats, assessments and findings. Our information security leadership reports directly to the Audit Committee or the Board of Directors on our cybersecurity program and efforts to prevent, detect, mitigate, and remediate issues. We also maintain an escalation process to inform senior management and the Board of Directors of material issues and make determinations with respect to any required disclosures.

Company Information