Atlanta Braves Holdings, Inc. 10-K Cybersecurity GRC - 2025-03-03

Page last updated on March 3, 2025

Atlanta Braves Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-03 08:13:53 EST.

Filings

10-K filed on 2025-03-03

Atlanta Braves Holdings, Inc. filed a 10-K at 2025-03-03 08:13:53 EST
Accession Number: 0001558370-25-002009

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy Due to the utilization of technology, Atlanta Braves Holdings is subject to material risks from cybersecurity threats. Accordingly, we have committed to protecting the security and integrity of our systems, networks, databases and applications and, as a result, have implemented processes designed to prevent, assess, identify, and manage material risks associated with cybersecurity threats . Cybersecurity risks are assessed as part of our enterprise risk assessment and risk management program and our cybersecurity risk management program is designed and assessed based on recognized frameworks, including the National Institute of Standards and Technology Cybersecurity Framework. We rely on a multidisciplinary team, including our information security function, legal department, management, and third-party consultants, as described further below, to identify, assess, and manage cybersecurity threats and risks. We identify and assess risks from cybersecurity threats by monitoring and evaluating our threat environment and our risk profile using various methods, including using manual and automated tools such as vulnerability scanning software, monitoring existing and emerging cybersecurity threats, analyzing reports of threats and threat actors, conducting scans of the threat environment, evaluating our industry’s risk profile, utilizing internal and external audits and assessments, and conducting threat and vulnerability assessments. To manage and mitigate material risks from cybersecurity threats to our information systems and data, we implement and maintain various technical, physical and organizational measures, processes and policies. These measures include risk assessments, incident detection and response, vulnerability management, disaster recovery and business continuity plans, internal controls within our IT, security and other departments, encryption of data, network security controls, access controls, physical security, asset management, system monitoring, vendor risk management program, employee cybersecurity awareness and training, phishing tests, and penetration testing. In the event of a potential cybersecurity incident, or a series of related cybersecurity incidents, we have cybersecurity incident response frameworks in place to respond in a timely and appropriate manner. These frameworks are a set of coordinated procedures and tasks that our incident response teams execute with the goal of ensuring timely and accurate identification, resolution and reporting of cybersecurity incidents both internally and externally, as necessary. To operate our business, we utilize certain third-party service providers to perform a variety of operational functions. We have implemented a third-party risk management program to evaluate the cybersecurity practices of higher risk vendors and vendors that encounter our systems or data. We additionally engage and retain third-party consultants, legal advisors and assessors to keep us apprised of emerging third-party risk, defense and mitigation strategies, and governance best practices. Impact of cybersecurity risks on business strategy, results of operations or financial condition As of the date of this Annual Report on Form 10-K, we are not aware of any risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. For additional information on our cybersecurity risks, see " Data loss or other breaches or disruptions of our information systems and information system security could materially harm our business and results of operations." in Part I, Item 1A - “Risk Factors” of this Annual Report on Form 10-K. I- Governance Role of the Board of Directors Our board of directors has overall responsibility for risk oversight and has delegated to the Audit Committee primary enterprise risk oversight responsibility, including privacy and cybersecurity risk exposures, policies and practices, the steps management takes to detect, monitor and mitigate such risks and the potential impact of those exposures on our business, financial results, operations and reputation. The Audit Committee receives quarterly updates on the enterprise risk management program the CESC (as defined below) including cybersecurity risks and the initiatives undertaken to identify, assess and mitigate such risks. This cybersecurity reporting may include threat and incident reporting, vulnerability detection reporting, risk mitigation metrics, systems and security operations updates, employee education initiatives, and internal audit observations, if applicable. In addition to the efforts undertaken by the Audit Committee, the full board of directors regularly reviews matters relating to cybersecurity risk and cybersecurity risk management. Any material cybersecurity events would be brought to the attention of the full board of directors once the event is deemed material. We additionally use our incident response framework as part of the process we employ to keep our management and board of directors informed and to monitor the prevention, detection, mitigation, and remediation of cybersecurity incidents. Role of Management We have established a cross functional Cybersecurity Executive Steering Committee (“CESC”) led by our Senior Vice President (“SVP”) and Head of Technology Services, Chief Legal Officer, Chief Financial Officer and other executives from our Legal, Accounting, Cybersecurity and Facilities departments. The CESC meets at least quarterly and has primary management oversight responsibility for assessing and managing information security , data protection and privacy, and cybersecurity risks. Our SVP and Head of Technology Services, together with the Director Cybersecurity and IT Infrastructure, is responsible for day-to-day management and oversight of our cybersecurity, including assessing, monitoring and mitigating cybersecurity risk. The SVP and Head of Technology Services provides regular reporting to Braves Holdings executive management, the CESC and the Audit Committee. A Compliance Committee has also been established and is responsible for overseeing and monitoring all corporate compliance initiatives at Braves Holdings, including cybersecurity. The Compliance Committee is composed of members of the CESC as well as the Braves Holdings executive leadership team, including the President and Chief Executive Officers of the Baseball and Development divisions, Chief Financial Officer and Chief Legal Officer. The SVP and Head of Technology Services provides periodic updates to the Compliance Committee on cybersecurity risks and initiatives as well as any cybersecurity events, as applicable. Our management team’s experience includes a diverse background in telecom, financial services and other industries, with decades of experience in various aspects of technology and cybersecurity. Our SVP and Head of Technology Services has more than 30 years of leadership experience, including delivering technology solutions and designing and building new business strategies in regulated businesses and our Director Cybersecurity and IT Infrastructure has more than 20 years of cybersecurity and information technology experience and is a Certified Information System Security Professional. Together this management team has worked at a variety of companies, including large publicly traded companies, implementing and managing IT and cybersecurity programs and teams, developing tools and processes to protect internal networks, business applications, customer facing applications and customer payment systems.

Company Information