Trump Media & Technology Group Corp. 10-K Cybersecurity GRC - 2025-02-14

Page last updated on February 14, 2025

Trump Media & Technology Group Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-14 16:28:41 EST.

Filings

10-K filed on 2025-02-14

Trump Media & Technology Group Corp. filed a 10-K at 2025-02-14 16:28:41 EST
Accession Number: 0001140361-25-004822

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We recognize the importance of developing, implementing and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity , and availability of our data. Our cybersecurity risk management activities and outcomes are guided by the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and assessed by a third party. We follow the NIST CSF as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. We engage in the following key elements to assess, prioritize and manage risk and compliance: - Assessments to help identify material cybersecurity risks to our critical systems, information, services and broader enterprise IT environments; - The use of external cybersecurity service providers, where appropriate, to assess, test or otherwise assist with aspects of our security processes; - A cybersecurity incident response plan, and incident response policy to respond to cybersecurity incidents; and - We mandate that all employees, including corporate personnel with access to information systems, undergo annual data protection and cybersecurity training as well as compliance programs. TMTG has also implemented controls designed to identify and mitigate cybersecurity risk associated with our use of third-party service providers. Cybersecurity Governance Our Board considers cybersecurity risk as critical and delegates cybersecurity risk oversight to the Audit Committee. Our CTO and Senior leadership, as part of our enterprise risk assessments, thoroughly evaluates our cybersecurity program, risks and corresponding mitigations, and reports to the Audit Committee, at least annually. Management’s Role Our Technology organization, led by our Chief Technology Officer, is accountable for our overall cybersecurity program in partnership with other business leaders. Our Chief Technology Officer has extensive experience leading global technology and IT organizations. Team members and outside experts supporting our program have relevant education and information security experience, including security for large multi-national, publicly traded companies. Our CTO has a master’s degree in Software Engineering, and expertise in both private and public companies within the technology sector. Our information security team remains abreast of the latest cybersecurity advancements, staying informed about potential threats and emerging risk management strategies. This continuous learning is vital for proactively preventing, detecting, mitigating, and remediating cybersecurity incidents. Our information security team is responsible for implementing and supervising processes for ongoing monitoring of our information systems, incorporating advanced security measures and regular system audits to pinpoint vulnerabilities. In the event of a cybersecurity incident, our information security team employs a well-defined incident response plan, comprising immediate actions to minimize impact and long-term strategies for remediation and prevention of future incidents. Our information security team consistently updates the General Counsel, CFO and CEO on all cybersecurity risks and incidents to ensure top management stays informed about our cybersecurity posture and potential risks. Additionally, significant cybersecurity matters and strategic risk management decisions are escalated to the Board of Directors, granting them comprehensive oversight and the ability to provide guidance on critical cybersecurity issues. To date, we have not experienced any previous cybersecurity incidents that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition.

Company Information