|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
ITEM 1C. Cybersecurity
We are committed to protecting our information systems against cybersecurity threats. Any cybersecurity incident can adversely affect our business and disrupt our operations as described in greater detail in our Risk Factors relevant to cybersecurity risks. Our senior leadership, in consultation with our board of directors, has assigned responsibilities for ensuring and overseeing the operation of our information security program to the Marchex Information Security Committee (“ISC”) comprised of senior representatives of departments across our organization.
Effective risk management is a critical component of our operations. The ISC conducts a formal cybersecurity risk assessment annually. The assessment methodology is designed to identify cybersecurity threats to our information systems and considers a range of relevant risk factors that include both intentional and unintentional human acts by our or our vendors’ personnel, or malicious third-party actors, risks inherent to technology/equipment we and our service providers use, as well as natural and environmental risks. The ISC discusses and documents mitigation strategies based on the risks identified. Results of assessments are reported to senior leadership and our board of directors. To the extent that any control deficiencies or material changes in the threat environment are identified, the ISC may make recommendations for new or improved controls and threat mitigation strategies.
The ISC also oversees day-to-day cybersecurity risk mitigation efforts, which include, but are not limited to, monitoring systems for availability, performance, and security issues, periodic vulnerability scans, penetration testing performed at least annually by independent, reputable, third-party vendors, as well as evaluating any risks associated with prospective third-party service providers who require access to sensitive customer data and implementing any additional controls to address significant risks identified. Furthermore, the ISC meets quarterly to discuss and analyze any relevant developments within the organization and industry relative to cybersecurity, reviews our internal policies and operational procedures relevant to cybersecurity at least annually, and promulgates updates when deemed necessary or advisable.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|our board of directors, has assigned responsibilities for ensuring and overseeing the operation of our information security program to the Marchex Information Security Committee (“ISC”) comprised of senior representatives of departments across our organization.
|Cybersecurity Risk Role of Management [Text Block]
|
Effective risk management is a critical component of our operations. The ISC conducts a formal cybersecurity risk assessment annually. The assessment methodology is designed to identify cybersecurity threats to our information systems and considers a range of relevant risk factors that include both intentional and unintentional human acts by our or our vendors’ personnel, or malicious third-party actors, risks inherent to technology/equipment we and our service providers use, as well as natural and environmental risks. The ISC discusses and documents mitigation strategies based on the risks identified. Results of assessments are reported to senior leadership and our board of directors. To the extent that any control deficiencies or material changes in the threat environment are identified, the ISC may make recommendations for new or improved controls and threat mitigation strategies.
The ISC also oversees day-to-day cybersecurity risk mitigation efforts, which include, but are not limited to, monitoring systems for availability, performance, and security issues, periodic vulnerability scans, penetration testing performed at least annually by independent, reputable, third-party vendors, as well as evaluating any risks associated with prospective third-party service providers who require access to sensitive customer data and implementing any additional controls to address significant risks identified. Furthermore, the ISC meets quarterly to discuss and analyze any relevant developments within the organization and industry relative to cybersecurity, reviews our internal policies and operational procedures relevant to cybersecurity at least annually, and promulgates updates when deemed necessary or advisable.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The ISC also oversees day-to-day cybersecurity risk mitigation efforts, which include, but are not limited to, monitoring systems for availability, performance, and security issues, periodic vulnerability scans, penetration testing performed at least annually by independent