Versant Media Group, Inc. 10-K Cybersecurity GRC - 2026-03-03

Page last updated on March 3, 2026

Versant Media Group, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-03-03 16:39:34 EST.

Filings

10-K filed on 2026-03-03

Versant Media Group, Inc. filed a 10-K at 2026-03-03 16:39:34 EST
Accession Number: 0002067876-26-000010

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Company maintains a comprehensive cybersecurity program that is designed to assess, identify, and manage risks from cybersecurity threats that may result in material adverse effects on the confidentiality, integrity, and availability of data, networks, and technology assets across Versant. Governance Board of Directors Our Board oversees the Company's enterprise risk management process, including the management and oversight of risks arising from cybersecurity threats. As part of the governance structure adopted in connection with the Separation, the Board has delegated to our Audit Committee oversight of our policies, practices, assessments and mitigation with respect to cybersecurity. The Audit Committee is tasked with regularly reviewing the measures implemented by the Company to identify and mitigate risks from cybersecurity threats. The Board and Audit Committee will receive reports and presentations from members of our team responsible for overseeing the Company's cybersecurity risk management, including the Chief Information Security Officer ("CISO") and our Chief Privacy Officer ("CPO"), which may address topics including recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, cybersecurity incidents, and other cybersecurity considerations. The Audit Committee will report to the full Board on its discussions with the management team. Management Day-to-day management of our cybersecurity strategy and operations is the responsibility of our CISO , who has over 15 years of experience in cybersecurity, risk management, and technology, including experience in broadcast media and production, and holds numerous industry certifications. Our CISO's experience and leadership is supplemented by the collective experience and expertise of our dedicated internal team of cybersecurity personnel. The CISO maintains three direct Vice President reports who oversee cyber defense operations; governance, risk, and compliance; and identity and security services. The team is further supported by a number of information security professionals, each of whom is responsible for coordinating the implementation, monitoring, training, and maintenance of cybersecurity and data protection practices across the Company. Our CISO and the cybersecurity team work closely and frequently with our CPO and Legal team to oversee compliance with legal, regulatory and contractual cybersecurity requirements. Our CISO reports to our Chief Information Officer ("CIO"), who ultimately reports to our President of Operations and Technology ("O&T"), and our Chief Financial Officer and Chief Operating Officer ("CFO and COO"), and is in regular communication with senior management regarding cybersecurity matters and risk management and provides routine updates to the Company's senior leaders, including our Chief Executive Officer, CFO and COO, CIO, the President of O&T, and General Counsel. As part of the Company's incident response process, cybersecurity risk events of a certain criteria are communicated to certain individuals within the Company's senior management, and under certain circumstances, where applicable and relevant, the Audit Committee. The Company has developed a practice of testing the effectiveness of its incidence response plan and assessing its response capabilities by conducting tabletop exercises involving detailed topical cybersecurity scenarios. The Company also has processes in place that are designed to facilitate that decisions regarding public disclosure and reporting of cybersecurity incidents can be made in a timely manner. Risk Management and Strategy Our cybersecurity program, the framework for how we assess, identify and manage risks from information security and cybersecurity threats, incorporates and is designed in alignment with industry standards, including the National Institute of Standards and Technology ("NIST") Cybersecurity Framework and the International Organization for Standardization 27001 framework. Our program employs a layered defense-in-depth system, which includes the use of automated tools, managed by the cybersecurity team, to assess and protect the security of our enterprise-wide systems, our intellectual property, confidential information, and the data of our customers, partners and employees. Our layered approach includes fortifying our network perimeter through intrusion detection and prevention systems; securing individual devices with antivirus solutions, endpoint detection, and multifactor authentication; implementing network security measures and patch management; and ensuring the resilience of applications. We regularly monitor our technological environment, including through penetration and vulnerability scans, and security assessments. Our policy is to conduct regular employee trainings on cybersecurity, including tabletop exercises. In addition to our internal cybersecurity capabilities, we also at times engage consultants or other third parties to assist with assessing, identifying, and managing cybersecurity risks. The Company also employs systems and processes designed to oversee, identify, and reduce the potential impact of a security incident at a third-party vendor, service provider, or customer. Where appropriate based on the data and intellectual property to which these providers are reasonably expected to have access, we conduct security assessments and due diligence reviews of third-party systems for compliance with our security standards, and we include data protection language in our agreements with such third parties. We have adopted a cybersecurity Incident Response Plan that applies in the event of a cybersecurity threat or incident (the "IRP") to provide a standardized framework for responding to security incidents. The IRP aligns to industry standards and sets out a coordinated approach focused on preparation; detection and analysis; containment, eradication and recovery; and post-incident remediation. The IRP applies to all Company personnel (including vendors and partners) that perform functions or services, and to all devices and network services that are owned or managed by the Company. Due to evolving cybersecurity threats, it has and will continue to be difficult to prevent, detect, mitigate, and remediate cybersecurity incidents. Despite ongoing efforts to continued improvement of our and our vendors' ability to protect against cyber incidents, we may not be able to protect all information systems, and such incidents may lead to reputational harm, revenue and client loss, operational impact, legal actions, and statutory penalties, among other consequences. Based on the information available as of the date of this Annual Report on Form 10-K, we believe that since the Separation, risks from cybersecurity threats, including as a result of previous cybersecurity incidents, have not materially affected us, including our business strategy, results of operations or financial condition, and as of the date of this Annual Report on Form 10-K, the Company is not aware of any material risks from cybersecurity threats that are reasonably likely to do so. While we have not experienced any material cybersecurity incidents, there can be no guarantee that we will not be the subject of future successful attacks, threats or incidents. Additional information on cybersecurity risks we face can be found in "Item 1A. Risk Factors" of this Annual Report on Form 10-K, which should be read in conjunction with the foregoing information.

Company Information