Page last updated on March 14, 2025
RumbleOn, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-13 21:11:47 EDT.
Filings
10-K filed on 2025-03-13
RumbleOn, Inc. filed a 10-K at 2025-03-13 21:11:47 EDT
Accession Number: 0001596961-25-000024
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
ITEM 1C. CYBERSECURITY. We believe cybersecurity is a critical part of our overall risk management and key to enabling our digital operations. As a company that heavily relies on our website to buy and market powersports, we face a multitude of cybersecurity threats common to most industries, such as phishing/malware, ransomware and denial-of-service, as well as threats common to retailers, such as theft of customer and employee data. Our customers, suppliers, and subcontractors face similar cybersecurity threats, and a cybersecurity incident impacting us or any of these entities could materially adversely affect our operations, performance and results of operations. These cybersecurity threats necessitate an appropriate focus on cybersecurity. The Board oversees management’s processes for identifying and mitigating risks, including cybersecurity risks, to help align our risk exposure with our strategic objectives. Senior leadership regularly briefs the Board on our cybersecurity and information security posture and the Board is apprised of cybersecurity incidents deemed to have a moderate or higher business impact, even if immaterial to us. The full Board retains oversight of cybersecurity because of its importance to RumbleOn. Our corporate information security team is responsible for our overall information security strategy, policy, security engineering, operations and cyber threat detection and response. The corporate information security organization manages an enterprise security structure with the ultimate goal of preventing cybersecurity incidents to the extent feasible, while simultaneously increasing our system resilience in an effort to minimize the business impact should an incident occur. Central to this effort is our technical solution that provides monitoring of our data and enterprise computing networks. Employees outside of our corporate information security organization also have a role in our cybersecurity defenses and they are immersed in a corporate culture supportive of security, which we believe improves our cybersecurity. Assessing, identifying, monitoring, and managing cybersecurity-related risks are included in our overall risk management processes. Cybersecurity-related risks are included in the population of risks that are evaluated to assess top risks to the Company on an annual basis. To the extent a heightened cybersecurity related risk is identified, risk owners will be assigned to develop risk mitigation plans, which are then tracked to completion. An annual risk assessment is presented to the Board . We rely heavily on third parties to deliver our products and services to our customers, and a cybersecurity incident at a key supplier or subcontractor could materially adversely impact us. We include security and privacy addenda to our contracts where applicable. In addition, any subcontractors connecting to our network are instructed to report cybersecurity incidents to us so that we can assess the impact of the incident on us. Notwithstanding the approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. While RumbleOn maintains cybersecurity insurance, the costs related to cybersecurity threats or disruptions may not be fully insured.
Company Information
| Name | RumbleOn, Inc. |
| CIK | 0001596961 |
| SIC Description | Services-Computer Programming Services |
| Ticker | RMBL - Nasdaq |
| Website | |
| Category | Accelerated filer Smaller reporting company |
| Fiscal Year End | December 30 |