PSQ Holdings, Inc. 10-K Cybersecurity GRC - 2025-03-13

Page last updated on March 14, 2025

PSQ Holdings, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-13 16:05:55 EDT.

Filings

10-K filed on 2025-03-13

PSQ Holdings, Inc. filed a 10-K at 2025-03-13 16:05:55 EDT
Accession Number: 0001628280-25-012592


Item 1C. Cybersecurity.

Cybersecurity is a critical component of our risk management strategy and corporate governance. We have implemented a comprehensive cybersecurity program designed to identify, assess, and mitigate risks that could materially impact our operations, financial condition, or reputation.

Our approach begins with regular security risk assessments, where we analyze potential threats, evaluate their severity, and develop prioritized mitigation strategies. Responsibility for addressing these risks is assigned to appropriate teams, ensuring accountability and effective remediation. To enhance our security posture, we employ autonomous monitoring tools that continuously detect vulnerabilities and track anomalous activity across our infrastructure and applications. Alerts from these systems are escalated for triage by our Information Security team, allowing us to proactively address potential threats.

Employee education is also a key element of our cybersecurity strategy. We provide ongoing training on data security best practices, phishing awareness, and social engineering defenses to ensure that our workforce remains vigilant against evolving threats.

We maintain a structured incident management program that is formally tested through tabletop exercises at least once a year. Additionally, our business continuity and disaster recovery program is regularly evaluated to ensure resilience against disruptions.

Recognizing the risks associated with third-party service providers, we have a robust vendor risk management program in place to assess and mitigate cybersecurity risks within our supply chain, particularly for vendors that handle customer and employee data. Our key infrastructure and applications undergo external penetration testing at least annually, and we conduct enterprise-wide risk assessments, inclusive of cybersecurity risks, on an annual basis.

Governance of cybersecurity risks is integrated into our overall corporate oversight framework. Our Board of Directors considers cybersecurity a fundamental risk area and has delegated responsibility for oversight to the Audit Committee. The day-to-day management of cybersecurity risks is led by our Chief Information Security Officer (CISO), who is responsible for identifying, assessing, and mitigating security threats. As part of our broader enterprise risk assessment process, our CISO, Chief Technology Officer (CTO), Legal team, and Senior Engineering leadership conduct thorough evaluations of our cybersecurity program, risks, and corresponding mitigations. These assessments are reviewed with the Audit Committee at least annually.

Our CISO brings extensive experience in security governance, risk, and compliance, with over 13 years of leadership in both public and private enterprises, including startups. Holding a degree in Accounting and Management Information Systems, our CISO provides deep expertise in aligning security initiatives with business objectives and regulatory requirements.

To date, we have not experienced any cybersecurity incidents that have materially affected, or are reasonably likely to materially affect, our business strategy, financial condition, or results of operations. However, we remain vigilant in our efforts to mitigate cybersecurity risks and respond swiftly to potential threats.

Our cybersecurity risk management framework is guided by industry-leading standards, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and ISO 27001. Additionally, our FinTech business maintains Payment Card Industry Data Security Standard (PCI DSS) Level 1 compliance, undergoing annual external audits to ensure continued adherence. To further strengthen our security practices, management is actively evaluating additional certifications that align with our commitment to maintaining a resilient cybersecurity program.


Company Information

Name: PSQ Holdings, Inc.
CIK: 0001847064
SIC Description: Services-Advertising
Ticker: PSQH - NYSE; PSQH-WT - NYSE
Website:
Category: Non-accelerated filer; Smaller reporting company; Emerging growth company
Fiscal Year End: December 30