OUTFRONT Media Inc. 10-K Cybersecurity GRC - 2024-02-22

Page last updated on July 16, 2024

OUTFRONT Media Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-22 16:03:59 EST.

Filings

10-K filed on 2024-02-22

OUTFRONT Media Inc. filed a 10-K at 2024-02-22 16:03:59 EST
Accession Number: 0001579877-24-000015

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. The Company maintains a comprehensive information security and cybersecurity program (the “Cybersecurity Program”) guided by established best practice and tailored to the Company’s business needs. The Cybersecurity Program is an extension of the Company’s enterprise risk management program that seeks to identify and manage risks throughout the Company by having its Chief Financial Officer meet with members of each of the Company’s various departments annually to solicit feedback regarding risks affecting the Company, which is then reported to the audit committee of our board of directors. Under the Cybersecurity Program, systems and networks under Company control are monitored for anomalies using various security tools that identify potential cybersecurity threats and alert the Company’s internal cybersecurity team to suspicious activity. If a potential cybersecurity incident is identified, it is investigated by the Company’s internal cybersecurity team (including the Company’s Chief Information Security Officer (the “CISO”)) to assess whether a cybersecurity incident has occurred, its severity and the risk involved, in accordance with internal processes and procedures and the Company’s incident response plan. The CISO is responsible for management of these cybersecurity processes, and reports to the Company’s Chief Information Officer (the “CIO”). The CISO and CIO will receive input from, and coordinate with, the Company’s Chief Privacy Officer (the “CPO”), as necessary. If a cybersecurity incident is discovered, it must be reported by the CIO and the CISO to the Company’s senior management, including the Company’s Chief Financial Officer and the Company’s General Counsel for further assessment regarding scope, mitigation, remediation and disclosure obligations, as applicable. The audit committee of our board of directors oversees the Company’s information security and cybersecurity risks, compliance and protections, and receives quarterly cybersecurity updates from the CISO and CIO (with input from the CPO, as appropriate) and results of the Company’s incident response plan testing at least annually. The Cybersecurity Program team members, including the CISO and the CIO, have extensive work experience in cybersecurity, information technology engineering and the media and advertising industries, with some members holding degrees in cybersecurity and professional certifications in cybersecurity. The Cybersecurity Program team members are subject to ongoing employee trainings in cybersecurity procedures. We perform regular third-party assessments of the Cybersecurity Program, and retain specialized third-party forensics experts for escalation of certain cybersecurity incidents. In addition, we have processes, including formal security reviews and suspicious activity monitoring, to assess cybersecurity risks associated with our use of third-party service providers. To date, we have not identified any cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations or financial condition. For additional information about our cybersecurity risks, see “Item 1A. Risk Factors-If we experience a cybersecurity incident, we may suffer reputational harm and significant legal and financial exposure.”

Company Information