PLBY Group, Inc. 10-K Cybersecurity GRC - 2025-03-13

Page last updated on March 14, 2025

PLBY Group, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-13 16:48:22 EDT.

Filings

10-K filed on 2025-03-13

PLBY Group, Inc. filed a 10-K at 2025-03-13 16:48:22 EDT
Accession Number: 0001803914-25-000030

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We understand our responsibility to assess, identify, and manage material risks associated with cybersecurity threats and incidents, as such terms are defined in Item 106(a) of Regulation S-K. Such risks include, among other things: operational disruptions, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy and/or security laws. Identifying, assessing and managing cybersecurity risk is part of our overall risk management strategy. Cybersecurity risks related to our business, technical operations, privacy and compliance requirements are identified and addressed through third party security software, information technology (IT) security protocols, governance oversight, and risk and compliance reviews. To defend, detect and respond to cybersecurity incidents, we conduct routine privacy and cybersecurity reviews of systems and applications, monitor emerging laws and regulations related to data protection and information security and implement changes as necessary. Our cybersecurity program is primarily overseen by our Senior Director of IT Infrastructure, who works closely with our information technology team and our senior management to develop and advance our cybersecurity strategy, as well as to respond to cybersecurity incidents. Our cybersecurity leader reports to our Chief Operating Officer and General Counsel on cybersecurity matters and collaborates with stakeholders across our business units to assess risks and implement strategies. With the assistance of third-party software, including appropriate firmware, we manage cybersecurity risk through establishing defenses against incidents, detecting and reporting cybersecurity incidents, analyzing and assessing incidents and potential responses, implementing applicable containment, eradication and recovery actions, and understanding the reasons leading to a cybersecurity incident and appropriate changes to avoid further incidents. We perform periodic reviews of our service providers for third-party risk management, and we routinely push out security updates across our business. Our cybersecurity measures are intended to protect against unauthorized access to information, and they include authentication technology, entitlement management, access control, anti-malware software, and transmission of data firewalls. We describe whether and how risks from identified cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, in our risk factor disclosures in Item 1A of this Annual Report on Form 10-K. During the years ended December 31, 2024 and 2023, we did not, to our knowledge, experience any cybersecurity incidents or breaches that materially impacted our business, performance or results. Governance Our Board has overall responsibility for risk oversight, with its committees assisting the Board in performing this function based on their respective areas of expertise. Our Board has delegated primary oversight of risks related to cybersecurity to the Audit Committee of the Board, which reports on its activities and findings to the full Board as appropriate. The Audit Committee is charged with reviewing our cybersecurity processes for assessing key strategic, operational, and compliance risks. Our General Counsel and/or Chief Operating Officer (as applicable) provide information to the Audit Committee on cybersecurity risks from time to time or as needed. These briefings include assessments of cybersecurity risks, information regarding any incidents, and cybersecurity risk management needs. Our Senior Director of IT Infrastructure holds industry-standard certifications and has extensive experience in cybersecurity, including implementing security frameworks, compliance policies, and risk management strategies across multiple organizations, and applying that experience to cloud security, endpoint security and network security. Our Senior Director of IT Infrastructure is committed to safeguarding organizational assets and mitigating cybersecurity risks effectively while efficiently leveraging cloud technologies to meet the needs of our business. In the event of a potentially material cybersecurity event, the Chair of the Audit Committee is notified and briefed, and meetings of the Audit Committee and/or full Board would be held, as appropriate. 38

Company Information