WEBTOON Entertainment Inc. 10-K Cybersecurity GRC - 2025-03-11

Page last updated on March 11, 2025

WEBTOON Entertainment Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-11 16:07:35 EDT.

Filings

10-K filed on 2025-03-11

WEBTOON Entertainment Inc. filed a 10-K at 2025-03-11 16:07:35 EDT
Accession Number: 0001997859-25-000017

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We collect, store, process and use data necessary to conduct our business, including information regarding our customers and employees in digital form. Data maintained in digital form is subject to unauthorized access, modification, theft, misuse or other cybersecurity risks. We maintain comprehensive processes to assess, identify, and manage material risks from internal and external cybersecurity threats, and have integrated such processes into our overall enterprise risk management systems and processes. We regularly assess our cybersecurity threats based on industry leading frameworks, including ISO27001, ISO27701 and National Institute of Standards and Technology Cybersecurity Framework (NIST CSF). Assessments are performed by dedicated cybersecurity teams led by our Chief Information Security Officer and Data Protection Officer (CISO and DPO) to identify risks related to data loss, theft, misuse and other cybersecurity risks. Following such risk assessments, we design and implement safeguards to prevent and mitigate identified risks based on our risk management methodology. Additionally, we regularly conduct cybersecurity/privacy awareness training, phishing attack simulation training, disaster recovery training and other tabletop exercises to improve our practices. To maintain the highest levels of cybersecurity, we engage independent third-party experts to assess and audit our cybersecurity and obtain cybersecurity certifications, including ISO27001, ISO27701 and/or SOC2 on our key services. Our insurance coverage addresses certain financial exposures related to cybersecurity incidents. Although, we have not experienced any material cybersecurity incidents, we face risks from cybersecurity threats that could have a material adverse effect on our business, financial condition, results of operations, cash flows or reputation. Despite our efforts, the risk of unauthorized access, modification, theft, misuse and other cybersecurity attacks cannot be eliminated entirely. We have experienced, and may continue to experience, cybersecurity incidents in our normal course of business. See “Risk Factors - Risks Related to Our Business, Industry and Operations - If the security of our platform is compromised, it could compromise our and our creators’ and users’ personal, sensitive, confidential and proprietary information, disrupt our internal operations and harm public perception of our platform, which could adversely affect our business and reputation.” We use third party systems and software and provide personal information about customers and employees to third parties in certain cases. We assess the cybersecurity of third party service providers and regularly conduct access review. We may decline or terminate the engagement with certain third party service providers if we determine that the use of their services would increase our exposure to cybersecurity risks . Governance Our CISO and DPO serves as the chair of the IT Compliance Committee, which directly reports to our CEO. The IT Compliance Committee also includes key representatives from management, and is responsible for reviewing IT planning, cybersecurity and privacy, and managing our cybersecurity teams . The IT Compliance Committee, upon reviewing assessment results regularly reported by cybersecurity teams, provides periodic updates to the Audit Committee on the effectiveness of our cybersecurity processes, and the Audit Committee reviews cybersecurity risks as part of the Company’s enterprise risk management system. The Audit Committee periodically reports the results of its review to the Board. When a cybersecurity incident occurs, information is escalated to the CISO and DPO who may convene IT Compliance Committee meetings to discuss findings, actions taken, potential disclosure obligations, impact and recurrence prevention plan depending on the severity of the incident. The IT Compliance Committee members rely on the cybersecurity experience of our CISO and DPO, which includes more than 20 years of directing privacy policies at public companies that provide web portal and instant messenger services, and managing cybersecurity and privacy policies at a game developer company. All IT Compliance Committee members have robust experience in their respective fields as well as a general familiarity with cybersecurity matters and an understanding of the potential financial impacts, disclosure obligations, and enterprise risks to the Company as they relate to cybersecurity.

Company Information