|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
ITEM 16K. CYBERSECURITY
Genius Sports is committed to meeting the cybersecurity expectations of its internal and external stakeholders. Top-level support and ultimate accountability for information security, including cybersecurity, is provided at the Executive and Board-level. We have a dedicated Information Security function, led by our Vice President of Information Security, to maintain oversight of our Information Security Management System ("ISMS"), aligned to ISO/IEC 27001:2022, the international standard for Information Security.
We recognize the importance of ensuring the ongoing protection of our systems and data and we have made efforts to ensure that policies and practices are effectively implemented to protect against cybersecurity related threats. The Company has established a Cybersecurity Awareness Program which includes training that reinforces the Company’s Information Security policies, standards and practices, as well as the expectation that employees comply with these policies to protect Company resources and information. Training is mandated for all employees globally upon joining the Company and refresher training is issued thereafter. Training is supplemented with awareness initiatives, including frequent cybersecurity communications and periodic phishing tests. The Company additionally provides Information Security personnel with allowances to undertake specialized security training as relevant to their role. Finally, the Company’s Global Privacy Program requires all employees to take periodic awareness training on data privacy. This privacy-focused training includes information about confidentiality and security, as well as responding to unauthorized access to or use of information.
The Company conducts monitoring for cybersecurity incidents and threats using various security technology with support from a managed SOC service, providing continuous monitoring and response. Established incident response procedures and documentation define the activities taken to prepare for, detect, respond to and recover from cybersecurity incidents, which include processes to triage, assess severity, escalate, contain, investigate, and remediate the incident, as well as to comply with potentially applicable legal obligations and mitigate brand and reputation damage. Third-party cybersecurity experts are retained to support in the event of a crisis, providing services including forensic investigation, ransom negotiations, and crisis communications. Annual tabletop exercises are conducted to simulate a response to a major incident, and findings are used to improve our practices, procedures, and technologies.
Our ISMS further includes review and assessment by external, independent third parties, who assess and report on our internal incident response preparedness, adherence to best practices and industry frameworks, and compliance with applicable laws and regulations, and help identify areas for continued focus and improvement. We also carry insurance that provides protection against potential losses arising from a cybersecurity incident.
The management of cybersecurity risks is integrated with our Enterprise Risk Management program, alongside other company risks. Our Enterprise Risk professionals consult with company subject matter experts to gather information necessary to identify cybersecurity risks, and evaluate their nature and severity, as well as identify mitigations.
Due diligence reviews are conducted against third-party vendors who may pose a risk to the security of our Company’s critical data and systems. Such reviews assess the privacy and cybersecurity standards of third parties and any associated risks that require mitigation prior to being granted access to Company resources and information. Risks associated with third parties are assessed, managed and communicated in accordance with our Enterprise Risk Management program.
Material cybersecurity risks are assessed and managed by members of management with relevant expertise to ensure they are handled in a manner that is commensurate with their potential impact on the business if realized. Such risks have not had a material effect on the company to date. Management members include the Vice President of Security and the Chief Technology Officer ("CTO"). Our CTO brings over 20 years of experience in cybersecurity, having led large-scale security initiatives across cloud, financial services, and enterprise software. Our Vice President of Security has served various roles in information security and has attained undergraduate and graduate degrees in relevant fields, as well as professional certifications including Certified Information Security Manager, Certified ISO 27001 Lead Implementer, and Certified GDPR Practitioner.
The Risk Management Steering Committee maintains oversight of our cybersecurity risk posture. It is chaired by the Chief Risk Officer with contribution from the Vice President of Security and includes Executive-level representation including the Chief Executive Officer, Chief Financial Officer and Chief Legal Officer. The Committee meets regularly to discuss the management of cybersecurity risks and incidents and will further disseminate any material information to the wider Executive-team and the Genius Board. The Genius Board has delegated to the Audit Committee top-level oversight of Company risks, including cybersecurity risks. The Audit Committee receives updates on both a scheduled and ad hoc basis, as and when required.
The threat landscape continues to evolve and attacks are becoming increasingly sophisticated, particularly with advancements in AI and its increased accessibility. Despite our efforts to embed effective security controls and practices, we expect that we will not be able to anticipate and protect against all cybersecurity threats, and incidents can always arise due to human error. This is reflected in Part I, Item 3D, "Risk Factors,", specifically the risks described under "Risks Related to Genius Sports Group’s Technology, Intellectual Property, and Infrastructure."
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
The management of cybersecurity risks is integrated with our Enterprise Risk Management program, alongside other company risks. Our Enterprise Risk professionals consult with company subject matter experts to gather information necessary to identify cybersecurity risks, and evaluate their nature and severity, as well as identify mitigations.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Genius Sports is committed to meeting the cybersecurity expectations of its internal and external stakeholders. Top-level support and ultimate accountability for information security, including cybersecurity, is provided at the Executive and Board-level. We have a dedicated Information Security function, led by our Vice President of Information Security, to maintain oversight of our Information Security Management System ("ISMS"), aligned to ISO/IEC 27001:2022, the international standard for Information Security.
The management of cybersecurity risks is integrated with our Enterprise Risk Management program, alongside other company risks. Our Enterprise Risk professionals consult with company subject matter experts to gather information necessary to identify cybersecurity risks, and evaluate their nature and severity, as well as identify mitigations.
Due diligence reviews are conducted against third-party vendors who may pose a risk to the security of our Company’s critical data and systems. Such reviews assess the privacy and cybersecurity standards of third parties and any associated risks that require mitigation prior to being granted access to Company resources and information. Risks associated with third parties are assessed, managed and communicated in accordance with our Enterprise Risk Management program.
Material cybersecurity risks are assessed and managed by members of management with relevant expertise to ensure they are handled in a manner that is commensurate with their potential impact on the business if realized. Such risks have not had a material effect on the company to date. Management members include the Vice President of Security and the Chief Technology Officer ("CTO"). Our CTO brings over 20 years of experience in cybersecurity, having led large-scale security initiatives across cloud, financial services, and enterprise software. Our Vice President of Security has served various roles in information security and has attained undergraduate and graduate degrees in relevant fields, as well as professional certifications including Certified Information Security Manager, Certified ISO 27001 Lead Implementer, and Certified GDPR Practitioner.
The Risk Management Steering Committee maintains oversight of our cybersecurity risk posture. It is chaired by the Chief Risk Officer with contribution from the Vice President of Security and includes Executive-level representation including the Chief Executive Officer, Chief Financial Officer and Chief Legal Officer. The Committee meets regularly to discuss the management of cybersecurity risks and incidents and will further disseminate any material information to the wider Executive-team and the Genius Board. The Genius Board has delegated to the Audit Committee top-level oversight of Company risks, including cybersecurity risks. The Audit Committee receives updates on both a scheduled and ad hoc basis, as and when required.
The threat landscape continues to evolve and attacks are becoming increasingly sophisticated, particularly with advancements in AI and its increased accessibility. Despite our efforts to embed effective security controls and practices, we expect that we will not be able to anticipate and protect against all cybersecurity threats, and incidents can always arise due to human error. This is reflected in Part I, Item 3D, "Risk Factors,", specifically the risks described under "Risks Related to Genius Sports Group’s Technology, Intellectual Property, and Infrastructure."
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Risk Management Steering Committee maintains oversight of our cybersecurity risk posture. It is chaired by the Chief Risk Officer with contribution from the Vice President of Security and includes Executive-level representation including the Chief Executive Officer, Chief Financial Officer and Chief Legal Officer. The Committee meets regularly to discuss the management of cybersecurity risks and incidents and will further disseminate any material information to the wider Executive-team and the Genius Board.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Genius Board has delegated to the Audit Committee top-level oversight of Company risks, including cybersecurity risks. The Audit Committee receives updates on both a scheduled and ad hoc basis, as and when required.
|Cybersecurity Risk Role of Management [Text Block]
|
The management of cybersecurity risks is integrated with our Enterprise Risk Management program, alongside other company risks. Our Enterprise Risk professionals consult with company subject matter experts to gather information necessary to identify cybersecurity risks, and evaluate their nature and severity, as well as identify mitigations.
Due diligence reviews are conducted against third-party vendors who may pose a risk to the security of our Company’s critical data and systems. Such reviews assess the privacy and cybersecurity standards of third parties and any associated risks that require mitigation prior to being granted access to Company resources and information. Risks associated with third parties are assessed, managed and communicated in accordance with our Enterprise Risk Management program.
Material cybersecurity risks are assessed and managed by members of management with relevant expertise to ensure they are handled in a manner that is commensurate with their potential impact on the business if realized. Such risks have not had a material effect on the company to date. Management members include the Vice President of Security and the Chief Technology Officer ("CTO"). Our CTO brings over 20 years of experience in cybersecurity, having led large-scale security initiatives across cloud, financial services, and enterprise software. Our Vice President of Security has served various roles in information security and has attained undergraduate and graduate degrees in relevant fields, as well as professional certifications including Certified Information Security Manager, Certified ISO 27001 Lead Implementer, and Certified GDPR Practitioner.
The Risk Management Steering Committee maintains oversight of our cybersecurity risk posture. It is chaired by the Chief Risk Officer with contribution from the Vice President of Security and includes Executive-level representation including the Chief Executive Officer, Chief Financial Officer and Chief Legal Officer. The Committee meets regularly to discuss the management of cybersecurity risks and incidents and will further disseminate any material information to the wider Executive-team and the Genius Board. The Genius Board has delegated to the Audit Committee top-level oversight of Company risks, including cybersecurity risks. The Audit Committee receives updates on both a scheduled and ad hoc basis, as and when required.
The threat landscape continues to evolve and attacks are becoming increasingly sophisticated, particularly with advancements in AI and its increased accessibility. Despite our efforts to embed effective security controls and practices, we expect that we will not be able to anticipate and protect against all cybersecurity threats, and incidents can always arise due to human error. This is reflected in Part I, Item 3D, "Risk Factors,", specifically the risks described under "Risks Related to Genius Sports Group’s Technology, Intellectual Property, and Infrastructure."
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|We have a dedicated Information Security function, led by our Vice President of Information Security, to maintain oversight of our Information Security Management System ("ISMS"),
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Management members include the Vice President of Security and the Chief Technology Officer ("CTO"). Our CTO brings over 20 years of experience in cybersecurity, having led large-scale security initiatives across cloud, financial services, and enterprise software. Our Vice President of Security has served various roles in information security and has attained undergraduate and graduate degrees in relevant fields, as well as professional certifications including Certified Information Security Manager, Certified ISO 27001 Lead Implementer, and Certified GDPR Practitioner.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Company conducts monitoring for cybersecurity incidents and threats using various security technology with support from a managed SOC service, providing continuous monitoring and response.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef