URBAN ONE, INC. 10-K Cybersecurity GRC - 2025-03-27

Page last updated on March 27, 2025

URBAN ONE, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-27 09:16:30 EDT.

Filings

10-K filed on 2025-03-27

URBAN ONE, INC. filed a 10-K at 2025-03-27 09:16:30 EDT
Accession Number: 0001041657-25-000013

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Disclosure Regarding Cybersecurity Risk Management Assessment and Management of Cybersecurity Risks: Urban One has implemented a structured approach to assessing, identifying, and managing cybersecurity risks. This framework includes ongoing monitoring of threats, the implementation of security controls, and proactive adaptation to evolving risks. Our cybersecurity strategy is designed to safeguard corporate assets, data, and critical systems while ensuring operational resilience. Our cybersecurity risk management process includes: - Continuous enterprise-wide risk monitoring to assess and respond to emerging cyber threats. Our enterprise risk management assesses the characteristics and circumstances of the evolving business environment and seeks to identify both the potential impacts to our company of a particular risk and the speed with which the risk may manifest; - The deployment of technical security controls, including encryption, endpoint detection and response, and network security protections across our enterprise; - Enterprise-wide employee security awareness programs, including social engineering and phishing simulations and mandatory training; - Collaboration with external cybersecurity experts for penetration testing, vulnerability management, and incident response support; and - Security evaluations for vendors and other third-party service providers to help mitigate supply chain risks. These evaluations include reviewing our service provider and vendor management programs and the related agreements to require prompt notification of cyber incidents, outages and software vulnerabilities to facilitate timely assessment and disclosure of third-party cyber risks. Generally, we require our third-party providers to abide by confidentiality and security processes, particularly for third-party data-processing activities. Our evaluations also include inquiries about the vendor’s or service provider’s cybersecurity history, including any breaches or other incidents. Our third-party security evaluations are limited by their disclosures; therefore, a risk-based approach is used in making vendor and contractual decisions based on those disclosures and the totality of the circumstances, such as whether the third party will have access to personal information or our network. Through these measures, Urban One is committed to maintaining a strong cybersecurity posture and protecting against potential security threats. Material Effects of Cybersecurity Threats and Incidents: Cybersecurity threats have the potential to impact our operations, financial condition, and reputation. While we have not experienced any material cybersecurity incidents during the reporting period (See Note 21 - Subsequent Events ) , we recognize that such incidents could result in: - Disruption of operations, impacting revenue and productivity; - Unauthorized access to or theft of sensitive data, potentially leading to regulatory and legal implications; and - Reputational harm, affecting customer trust and investor confidence. Urban One employs continuous threat monitoring, security awareness initiatives, and incident response protocols to mitigate these risks. Our security team remains focused on maintaining a proactive and adaptive security strategy to minimize the likelihood and impact of cybersecurity incidents. Board Oversight: The Board of Directors provides oversight of Urban One’s cybersecurity risk management efforts. The Board receives updates from the Chief Information Officer (“CIO”) and Chief Information Security Officer (“CISO”) on key cybersecurity risks, threat trends, and mitigation strategies. These updates are based on internal security monitoring and reporting, as well as insights from our managed security service provider (“MSSP” ). The Board remains committed to ensuring cybersecurity remains a priority for the organization and that the appropriate resources and governance structures are in place to manage cyber risks effectively. Management’s Role and Expertise: Urban One’s cybersecurity program is led by the CIO and CISO , who are responsible for cybersecurity strategy, risk management, and incident response. The CISO collaborates closely with the CIO, IT leadership, and business stakeholders to align security initiatives with the Company’s broader strategic objectives. Our CIO has more than twenty-five years of experience advancing technology, digital transformation, and cybersecurity, including in the financial services industry. Prior to joining Urban One, he served as a Senior Vice President for Capital One Financial Corporation. During his tenure at Capital One, he supported the company’s digital transformation and built the capabilities required to move its global enterprise to the cloud across technology divisions and platforms. Additionally, he has led strategic technology innovations and cybersecurity programs as an executive at several other leading Fortune 500 companies. Our CISO has more than twenty-five years of experience in cybersecurity, risk management, and technology leadership across financial services and global enterprises. Before joining Urban One, he served as Chief Information Security Officer at Farm Credit Financial Partners, Inc., leading enterprise-wide security initiatives. He has also held key leadership roles at Rabobank International, where he progressed through various IT, security operations, and risk management positions. Additionally, he led cybersecurity and risk management programs at United Technologies Corporation, where he focused on analytics-driven security solutions to enhance organizational resilience. He holds dual master’s degrees in Information Security & Assurance and IT Management and also has an Executive MBA from the University of Connecticut Urban One’s executive leadership team remains engaged in cybersecurity initiatives and regularly reviews the effectiveness of security controls, policies, and incident response capabilities to ensure alignment with evolving threats and business needs. For additional information on the risks we face related to cyber and information security threats, please see our related risk factor in Item 1A. Risk Factors .

Company Information