Snail, Inc. 10-K Cybersecurity GRC - 2025-03-26

Page last updated on March 26, 2025

Snail, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-26 17:10:48 EDT.

Filings

10-K filed on 2025-03-26

Snail, Inc. filed a 10-K at 2025-03-26 17:10:48 EDT
Accession Number: 0001641172-25-000784

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management, Strategy and Governance. Cybersecurity Risk Management Due to the nature of our business, we face a variety of potential cybersecurity risks that are ever evolving and include unauthorized access to our systems and data, disruption of our online game services, theft of intellectual property, and third-party risks as a result of our use of various third party service providers and cloud service providers. The Company’s risks related to our end user data is borne by our platform partners as we do not maintain any sensitive information of our players within our infrastructure. There have been no cybersecurity threat events identified during the year ended December 31, 2024, which have resulted in a material incident, or are reasonably likely to result in a material impact on our business strategy, results of operations or financial condition. For more information regarding risks relating to intellectual property and cybersecurity related attacks, see Item 1A of Part I, “Risk Factors - Risks Related to Intellectual Property” and “Risk Factors - Risks Related to Our Business and Industry” of this Annual Report. Cybersecurity Strategy We are working towards the implementation of relevant controls within the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework to better address cybersecurity threats and we actively maintain a risk management plan that outlines the processes and procedures we use to identify, assess, mitigate and respond to cybersecurity risks. The plan is designed to protect the Company’s assets and safeguard the confidentiality, integrity and availability of its data and operations. Our cybersecurity risk management plan is integrated into the Company’s overall risk management process and establishes a clear framework with roles and responsibilities for managing cybersecurity risks. The Company currently uses a variety of security controls, including but not limited to firewalls, intrusion detection systems, data encryption in transit and at rest, and multi-factor authentication. We provide regular training to our employees and educate them on cybersecurity risks and best practices to mitigate these risks. The Company also maintains a comprehensive incident response plan to detect, respond to, assess the materiality of, and recover from cybersecurity incidents effectively. 41 Cybersecurity Governance The Company’s executive management considers cybersecurity risk and other information technology risk as part of its risk oversight and has the ultimate responsibility for overseeing our cybersecurity strategy. Furthermore, during the year ended December 31, 2024, we have bolstered our Board of Directors through the appointment of a Director with an extensive history in cybersecurity and a deep understanding of cybersecurity threats which may have a material impact on our business and the video game industry as a whole. Our Director of IT holds operational responsibility for cybersecurity and maintains a suite of industry-standard tools to consistent confidentiality, integrity and availability of Company systems and data. Suspicious activity within Company networks and systems are investigated and assessed by the Director of IT and then reported to the executive management team . Verified incidents are also communicated to the Board of Directors. On a quarterly basis, the Director of IT reports cybersecurity monitoring updates to the CEO, coordinates with our newly appointed Board Member to implement our information technology and cybersecurity programs, as well as with our HR Manager to ensure that the Company’s employees have the adequate training on cybersecurity best practices.

Company Information