XML 36 R20.htm IDEA: XBRL DOCUMENT v3.25.0.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Cybersecurity Risk Management and Strategy

We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees or customers and violation of data privacy or security laws.

Identifying and assessing cybersecurity risk is integrated into our overall risk management systems and processes. Cybersecurity risks related to our business, technical operations, privacy and compliance issues are identified and addressed through an internal IT Audit, IT security, governance, risk and compliance reviews. To defend, detect and respond to cybersecurity incidents, we, among other things: conduct proactive privacy and cybersecurity reviews of systems and applications, audit applicable data policies, perform penetration testing using external third-party tools and techniques to test security controls, conduct employee training, monitor emerging laws and regulations related to data protection and information security (including our products) and implement appropriate changes.

We have implemented incident response processes in the event of a cybersecurity threat. Such incident responses are overseen by functional leaders and internal experts. In the event of a cybersecurity threat, security events and data incidents are evaluated, ranked by severity and prioritized for response and remediation. Incidents are evaluated to determine materiality as well as operational and business impact and reviewed for potential privacy impact. As part of the above processes, we have engaged external auditors and consultants to assess our internal cybersecurity programs and compliance with applicable practices and standards and obtained a SOC 2 Type II report.

We describe whether and how risks from identified cybersecurity threats are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, under the heading “Security and privacy breaches, computer viruses, and cyber-attacks could harm our business, financial condition, results of operations, or reputation.” included as part of our risk factor disclosures at Item 1A of this Annual Report on Form 10-K.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Identifying and assessing cybersecurity risk is integrated into our overall risk management systems and processes. Cybersecurity risks related to our business, technical operations, privacy and compliance issues are identified and addressed through an internal IT Audit, IT security, governance, risk and compliance reviews.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Cybersecurity is an important part of our risk management processes and an area of focus for our Board and management. Our Audit Committee is responsible for the oversight of risks from cyber and data security threats. Members of the Board or Audit Committee receive periodic updates from senior management regarding our cybersecurity processes and risks. Members of management that comprise our incident response team include the following officers (or those with similar responsibility): Senior Director of Information Technology, Chief Operating Officer, Chief Financial Officer, Customer Success (if customers are affected), and Vice President of Human Resources (if employee data is affected). As part of our internal response policy, upon confirmation of a breach, a remediation process is initiated, led by our Principal Privacy Officer who chairs an incident response team. This team may include members from relevant departments such as Product Development, Information Technology, Finance, Legal, Marketing, Client/Customer Services and Human Resources, any other relevant units or departments affected by the breach and any additional personnel as deemed necessary.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Audit Committee is responsible for the oversight of risks from cyber and data security
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Members of the Board or Audit Committee receive periodic updates from senior management regarding our cybersecurity processes and risks.
Cybersecurity Risk Role of Management [Text Block] threats. Members of the Board or Audit Committee receive periodic updates from senior management regarding our cybersecurity processes and risks. Members of management that comprise our incident response team include the following officers (or those with similar responsibility): Senior Director of Information Technology, Chief Operating Officer, Chief Financial Officer, Customer Success (if customers are affected), and Vice President of Human Resources (if employee data is affected)Client/Customer Services and Human Resources, any other relevant units or departments affected by the breach and any additional personnel as deemed necessaryThe Principal Privacy Officer is responsible for overseeing the determination of whether a breach occurred, coordinating with third parties handling protected information, and ensuring compliance with legal obligations. Forensic investigators, provided through AudioEye’s cyber insurance or as deemed necessary by the Principal Privacy Officer, will analyze the breach to understand its cause and extent. A communication plan will be developed by Marketing, Legal, and Human Resources to inform internal employees, the public, those directly affected, and regulatory authorities, as necessary to help ensure all notifications comply with relevant laws and regulations
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Principal Privacy Officer
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] We have implemented incident response processes in the event of a cybersecurity threat. Such incident responses are overseen by functional leaders and internal experts
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] threats. Members of the Board or Audit Committee receive periodic updates from senior management regarding our cybersecurity processes and risks. Members of management that comprise our incident response team include the following officers (or those with similar responsibility): Senior Director of Information Technology, Chief Operating Officer, Chief Financial Officer, Customer Success (if customers are affected), and Vice President of Human Resources (if employee data is affected). As part of our internal response policy, upon confirmation of a breach, a remediation process is initiated, led by our Principal Privacy Officer who chairs an incident response team. This team may include members from relevant departments such as Product Development, Information Technology, Finance, Legal, Marketing,
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true