Vimeo, Inc. 10-K Cybersecurity GRC - 2025-02-19

Page last updated on February 19, 2025

Vimeo, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-19 17:07:29 EST.

Filings

10-K filed on 2025-02-19

Vimeo, Inc. filed a 10-K at 2025-02-19 17:07:29 EST
Accession Number: 0001837686-25-000024

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We maintain a comprehensive Information Security Management System (“ISMS”) program, which is led by a dedicated Chief Information Security Officer (“CISO”), who joined the Company in October 2024 and has almost 20 years of experience in enterprise grade cybersecurity and global scale systems, having previously served as a CISO of another public company and as a cybersecurity consultant. Our CISO is undertaking a comprehensive review of our information security systems and processes, and as a result, we may make incremental improvements to our cybersecurity controls and procedures and our cybersecurity risk management over the next six to twelve months. Under the CISO, the Information Security Team is responsible for defining and implementing the Company’s cybersecurity strategy, policy, standards, architecture, and processes. The Information Security Team oversees the delivery of network, cloud, email and application security, security monitoring, penetration testing, cybersecurity training and incident response. Our ISMS program has been developed based on industry standards, including those published by the International Organization for Standardization and the National Institute of Standards and Technology, although we may not directly or fully comply with all elements of these standards. Through our ISMS program, we have established a comprehensive collection of policies and standard operating procedures to guide our cybersecurity strategy, which includes an Information Security Policy applicable to all Vimeo personnel, as well as a Supplier Information Security Policy for our third-party software vendors, both of which set forth cybersecurity standards, controls, and training requirements designed to protect corporate and customer data, whether it is processed by Vimeo or a service provider. We also conduct regular workforce training to instruct employees to identify cybersecurity concerns and take the appropriate action. Our cybersecurity governance framework includes oversight by the Audit Committee of the Board , which reviews the effectiveness of the Company’s management of cybersecurity, data privacy and other data- and technology-related risks, controls and procedures. The CISO reports regularly to our Audit Committee, as well as our Chief Executive Officer and other members of our senior management as appropriate. These reports include updates on the Company’s cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape. Our ISMS program is regularly evaluated by external experts with the results of those reviews reported to senior management and the Board. The Audit Committee and, as appropriate, the Board, also receives prompt and timely information regarding any high severity cybersecurity incident, as well as ongoing updates regarding any such incident until it has been addressed. As of the date of this report, we are not aware of any material risks resulting from any previously reported cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition. We discuss the risks relating to cybersecurity threats and their potential impact on our business more fully in “Risk Factors” in Part I, Item 1A herein.

Company Information