Skillz Inc. 10-K Cybersecurity GRC - 2024-08-29

Page last updated on August 29, 2024

Skillz Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-08-29 16:03:34 EDT.

Filings

10-K filed on 2024-08-29

Skillz Inc. filed a 10-K at 2024-08-29 16:03:34 EDT
Accession Number: 0001801661-24-000100

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We have established policies and processes for assessing, identifying, and managing material risk from cybersecurity threats (including those associated with third-party service providers), and have integrated these processes into our overall enterprise risk management systems and processes. We routinely assess material risks from cybersecurity threats, including taking reasonable steps to detect any potential unauthorized occurrence on or behaviors conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein. Risk Management and Strategy We have implemented policies and processes designed to detect, prevent, and respond to cybersecurity incidents. All these policies are reviewed annually and updated as needed to address emerging risks or gaps in compliance. The Company has not experienced a material cybersecurity incident to date. If a material cybersecurity breach occurs, the incident will be reviewed to determine whether further escalation is appropriate. Any incident assessed as potentially being or becoming material will immediately be escalated for further assessment and reported to designated members of our executive leadership team and if deemed necessary, the Board of Directors. We plan to consult with outside counsel as appropriate, including on materiality analysis and disclosure matters, and make the final materiality determination regarding disclosure and other compliance decisions. We also plan to keep our independent public accounting firm informed of such incidents as appropriate. While we maintain cybersecurity insurance, the costs related to cybersecurity threats or disruptions may not be fully insured. Although our business strategy, results of operations and financial condition have not been materially affected by risks from cybersecurity threats, we cannot provide assurance that they will not be materially affected in the future by such risks or any future material incidents. For more information on our cybersecurity related risks see Item 1A Risk Factors of this Annual Report on Form 10-K. Governance Role of the Board and Management Our Board of Directors has the ultimate responsibility for oversight of our risk management framework. The Board receives information and periodic updates and actively engages with management with respect to the effectiveness of the Company’s cybersecurity and information security framework, data privacy, and risk management. In addition, as necessary, the Board of Directors receives reports summarizing threat detection and mitigation plans, audits of internal controls, training and certification, and other cyber priorities and initiatives, as well as timely updates from management on material incidents relating to information systems. 42 TABLE OF CONTEN T S Role of Other Employees Members of the Company’s technology and security team periodically discuss cybersecurity program updates and challenges, to watch for potential threats from both external and internal sources, to monitor compliance in existing or emerging business practices, and to respond to stakeholder inquiries. This is composed of individuals with over 10 years of software, infrastructure, and security experience. The Company is continuously monitoring trends and stays current with the various cybersecurity threats and related mitigation opportunities. The Company periodically engages a third-party service provider to perform an external vulnerability scan of the Company’s network to identify known threats and to date no critical vulnerabilities have been identified during these assessments.

Company Information