Banzai International, Inc. 10-K Cybersecurity GRC - 2025-04-15

Page last updated on April 15, 2025

Banzai International, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-04-15 16:52:16 EDT.

Filings

10-K filed on 2025-04-15

Banzai International, Inc. filed a 10-K at 2025-04-15 16:52:16 EDT
Accession Number: 0000950170-25-054303

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. We maintain a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats. The underlying processes and controls of our cyber risk management program incorporate recognized best practices and standards for cybersecurity and information technology, including the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and processes and controls supporting requirements with the General Data Protection Regulation (GDPR). The NIST CSF offers a thorough set of guidelines and best practices to help establish a strong cybersecurity posture. Utilizing NIST CSF enables us to systemically identify, assess, and manage cybersecurity risks most relevant and impactful to our business operations. It is important to note that using the NIST CSF as a guide does not imply our cybersecurity program meets any specific technical standards or requirements. We have an annual assessment performed by a third-party specialist of the cyber risk management program against the NIST CSF. The annual risk assessment identifies, quantifies, and categorizes material cyber risks. In addition, we, in conjunction with the third-party cyber risk management specialists, develop a Risk Mitigation Plan to mitigate such risks, and where necessary, remediate potential vulnerabilities identified through the annual assessment process. We maintain policies over areas such as information security, incident management, business continuity, IT change and configuration management, acceptable use and access on/offboarding to help govern the processes put in place by management 37 designed to protect our IT assets, data, and services from threats and vulnerabilities. We partner with industry recognized cybersecurity providers leveraging third-party technology and expertise. We engage with these partners to monitor and maintain the performance and effectiveness of IT assets, data, and services that are deployed in our IT environment. Cybersecurity partners, including assessors, consultants, advisors and other third-party service providers, are a key part of our cybersecurity risk management strategy and infrastructure. We partner with industry recognized cybersecurity providers leveraging third-party technology and expertise and engage with these partners to monitor and maintain the performance and effectiveness of IT assets, data and services. The cybersecurity partners provide services including, but not limited to, configuration management, vulnerability scans, network protection and monitoring, remote monitoring and management, user activity monitoring, data backups management, infrastructure maintenance, cybersecurity strategy, and cyber risk advisory, assessment, and remediation. We have implemented third-party risk management processes to manage the risks associated with reliance on vendors, critical service providers, and other third-parties that may lead to a service disruption or an adverse cybersecurity incident. This includes vendor due diligence prior to onboarding, a review of System and Organization Control (SOC) reports on an annual basis , regular review of vendor contracts, and compliance with service level agreements (SLAs). In evaluating the risks identified as a result of the annual cybersecurity assessment process, our cybersecurity partners assist the Company to assess the likelihood, severity, and impact of relevant risks, including the impact on employees, stakeholders, and vendors. These risks are prioritized and monitored by the cybersecurity partners and management of the Company. Our cybersecurity program includes an incident response plan that includes all relevant and critical members of management and third-party service providers alike. The team is responsible for assessing and managing cybersecurity incident response processes, response times, and communication plans in the event corrective actions and mitigation procedures are required to isolate and eradicate an incident. Our management team, in conjunction with the Chief Technology Officer and cybersecurity service providers are responsible for oversight and administration of our cyber risk management program, and for informing senior management and other relevant stakeholders regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents. The management team has prior experience selecting, deploying, and overseeing cybersecurity technologies, initiatives, and processes directly or via selection of strategic third-party partners. Management relies on threat intelligence as well as other information obtained from governmental, public or private sources, including external consultants engaged in strategic cyber risk management, advisory and decision making. Our Audit Committee oversees our cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks. The cybersecurity stakeholders, including member(s) of management assigned with cybersecurity oversight responsibility and/or third-party consultants providing cyber risk services brief the Audit Committee on cyber threats and vulnerabilities identified through the risk management process, the effectiveness of our cyber risk management program, and the emerging threat landscape and new cyber risks on at least an annual basis. This includes updates on our processes to prevent, detect, and mitigate cybersecurity incidents. In addition, cybersecurity risks are reviewed by our Board of Directors at least annually, as part of the Company’s corporate risk oversight processes. We face risks from cybersecurity threats that could have a material adverse effect on our business, financial condition, results of operations, cash flows or reputation. We acknowledge that the risk of a cyber incident is prevalent in the current threat landscape and that a future cyber incident may occur in the normal course of our business. However, prior cybersecurity incidents have not had a material adverse effect on our business, financial condition, results of operations, or cash flows. We proactively seek to detect and investigate unauthorized attempts and attacks against our IT assets, data, and services, and to prevent their occurrence and recurrence where practical through changes or updates to our internal processes and tools and changes or updates to our service delivery; however, potential vulnerabilities to known or unknown threats will remain. Further, there is increasing regulation regarding responses to cybersecurity incidents, including reporting to regulators, investors, and additional stakeholders, which could subject us to additional liability and reputational harm. In response to such risks, we have implemented initiatives such as the cybersecurity risk assessment process and developed an incident response plan. See Item 1A. “Risk Factors” for more information on our cybersecurity risks. 38

Company Information