Newsmax Inc. 10-K Cybersecurity GRC - 2025-03-31

Page last updated on April 2, 2025

Newsmax Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-31 16:45:58 EDT.

Filings

10-K filed on 2025-03-31

Newsmax Inc. filed a 10-K at 2025-03-31 16:45:58 EDT
Accession Number: 0002026478-25-000013

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Governance Related to Cybersecurity Risks Cybersecurity risk oversight is a top priority for management and our board of directors. Management is responsible for the day-to-day management of cybersecurity risks we face, while our board of directors, as a whole and through committees, is responsible for the oversight of risk management. Our incident response process contemplates that management will notify the board of directors of a material cybersecurity incident. Cybersecurity Risk Management To help protect the Company from a major cybersecurity incident that could have a material impact on operations or our financial results, we have implemented policies, procedures, programs and controls, including technology investments that focus on cybersecurity incident prevention, identification and mitigation. The steps we take to reduce our vulnerability to cyberattacks and to mitigate impacts from cybersecurity incidents include but are not limited to establishing information security policies and standards, regular security audits, access controls, controlled use of administrative privileges, advanced threat detection, network security, vulnerability testing, compliance audits, incident response plan, employee training, and engaging third party risk management experts. We leverage CIS (Center for Internet Security) controls as a guideline to enhance our cybersecurity risk management strategy. We regularly assess the threat landscape and take a holistic view of cybersecurity risks, with a layered cybersecurity strategy based on prevention, detection and mitigation. We regularly test defenses by performing simulations and drills at both a technical level (including through penetration tests) and by reviewing our operational policies and procedures. At the management level, our IT security team regularly monitors alerts and meets to discuss threat levels, trends and remediation. The team also prepares a monthly cyber scorecard, regularly collects data on cybersecurity threats and risk areas and conducts an annual cybersecurity risk assessment. Further, we conduct periodic external penetration tests to assess our processes and procedures and the threat landscape. These tests and assessments are useful tools for maintaining a cybersecurity program to protect our investors, consumers, customers, employees, vendors, and intellectual property. Additionally, we follow a cybersecurity incident response process that provides a framework for responding to cybersecurity incidents. The process identifies applicable requirements for incident disclosure and reporting and also provides protocols for incident evaluation, including the use of third-party service providers and partners, processes for notification and internal escalation of information to our senior management, the Board and the audit committee. It also addresses requirements for our external reporting obligations. The cybersecurity incident response process is reviewed and updated, as necessary, under the leadership of the Chief Information Officer. We face a number of cybersecurity risks in connection with our business. Although we did not experience a material cybersecurity incident during the year ended December 31, 2024, the scope and impact of any future incident cannot be predicted. Notwithstanding the approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on our business, results of operations, or financial condition. See “Item 1A. Risk Factors” for more information on our cybersecurity-related risks.

Company Information