Nextdoor Holdings, Inc. 10-K Cybersecurity GRC - 2025-02-27

Page last updated on February 27, 2025

Nextdoor Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-27 16:08:34 EST.

Filings

10-K filed on 2025-02-27

Nextdoor Holdings, Inc. filed a 10-K at 2025-02-27 16:08:34 EST
Accession Number: 0001846069-25-000017

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We employ a comprehensive, cross-functional approach to assess, identify, and manage material cybersecurity risks, ensuring the confidentiality, security, and availability of our information systems and data. Our cybersecurity strategy is guided by applicable laws and regulations, industry standards, and best practices. We have established robust policies, standards, and processes to proactively safeguard our digital assets, mitigate risks, and respond effectively to cybersecurity incidents. Our cyber risk management framework includes: (1) enterprise risk management to identify top cybersecurity risks; (2) vulnerability management to identify software vulnerabilities and infrastructure risks; (3) vendor risk management to identify risks related to third parties and business partners, which includes pre-engagement due diligence, use of contractual security provisions, and continued monitoring through risk-based periodic audits, as applicable; (4) privacy risk management to ensure regulatory compliance and proactively manage privacy risks across our products and platforms; (5) security monitoring to analyze and assess threat activity in real time; and (6) security incident response protocols to investigate, contain, and mitigate cybersecurity threats. To strengthen our defenses, we regularly engage third party experts to assess vulnerabilities, provide threat intelligence, and assist in triaging and responding to cyber incidents. We also conduct employee training on cybersecurity awareness, data protection, and threat response to reinforce our security culture . In 2024, we did not identify any cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations, or financial condition. However, despite our efforts, we cannot eliminate all risks from cybersecurity threats, or provide assurances that we have not experienced undetected cybersecurity incidents. For more information regarding cybersecurity risks that we face and potential impacts on our business related thereto, see the section entitled “Risk Factors - Security breaches, including improper access to or disclosure of our data or our neighbors’ data, or other hacking and phishing attacks on our or third-party systems, could harm our reputation and adversely affect our business.” Governance Our Board of Directors , as a whole and at a committee level, maintains oversight of cybersecurity risk management, with primary responsibility assigned to our Audit & Risk Committee. Comprising solely independent directors, our Audit & Risk Committee receives regular updates from our Chief Information Security Officer (“CISO”) and is responsible for ensuring that management has processes in place to identify, assess, and mitigate cybersecurity risks. The Audit & Risk Committee collaborates with management to oversee the implementation of security measures, incident response plans, and ongoing risk management strategies. Our CISO, who reports directly to the Chief Technology Officer, has over 15 years of experience in technology and cybersecurity matters, with expertise spanning IT leadership, incident response, enterprise security, and business technology. Our CISO holds multiple cloud and IT certifications and is an active thought leader in the cybersecurity space. Prior to joining Nextdoor, our CISO led Business Technology, IT and Cybersecurity at Workato, Inc. and held key roles at Peloton Interactive, Inc. and KPMG LLP, where they built and implemented business continuity and cyber resilience programs.

Company Information