|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity
Cybersecurity Risk Management and Strategy
Identifying, assessing, and managing material risks associated with “cybersecurity threats,” as such term is defined in Item 106(a) of Regulation S-K, is important to Bitcoin Depot. Among the risks we strive to address and mitigate are the disruption of our business operations and the loss of personal and confidential data due to cybersecurity incidents, fraud, or extortion.
We integrate the identification, assessment, and management of cybersecurity risks into our overall risk management systems and processes. We detect and address such risks from cybersecurity threats in several ways, including through third-party assessments, internal governance, risk and compliance, participation in industry groups to obtain intel, IT audits, and IT security reviews. To protect against, detect, and respond to cybersecurity incidents, we, among other things, leverage intrusion prevention and detection systems, perform penetration testing, conduct employee training, monitor emerging laws and regulations related to data protection and information security, and implement appropriate changes to comply with the identified emerging laws and regulations. To effectuate these processes, we regularly engage third-party auditors and advisors to assess our cybersecurity programs and ensure compliance with applicable guidelines, standards, and industry best practices.
Senior management, including our Bitcoin Depot’s Chief Technology Officer, Chief Information Security Officer, Cybersecurity Operations Director, Chief Financial Officer and General Counsel are responsible for implementing these security measures, as well
as being involved in all aspects of cybersecurity incident response and data breach management processes. Bitcoin Depot’s incident management plan provides a roadmap for responding to and categorizing incidents. Bitcoin Depot’s IT and cybersecurity teams collaborate with other company stakeholders to develop strategies for mitigating and responding to identified cybersecurity events.
Our cybersecurity threat and risk management processes also involve assessing third-party risks. We maintain a Vendor Management Policy pursuant to which we assign a risk rating and assess third-party risks by conducting cybersecurity due diligence on our vendors, suppliers, and other entities with whom we do business. Due diligence includes, as appropriate, either requiring proof of security standard compliance or satisfactory responses to our Vendor Assessment Security Questionnaire. We also evaluate the cyber practices of, and cybersecurity risks associated with, the engagement of third-party service providers, including when we negotiate cybersecurity and data privacy contract terms, such as those relating to information security and audit rights.
Although we constantly evaluate cyber risks, we are unaware of any prior cybersecurity incidents that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial conditions.
Cybersecurity Governance
Our Board of Directors and management prioritize cybersecurity. Although our full Board of Directors is generally responsible for cybersecurity risk management, it has assigned principal oversight responsibility of risks from cybersecurity threats to our Audit Committee. As described above, management is also responsible for assessing and managing risks from cybersecurity threats, and designated management personnel, including our Chief Technology Officer, Chief Information Security Officer, Cybersecurity Operations Director, Chief Financial Officer and General Counsel and Corporate Secretary meet quarterly as a Risk Committee to determine cybersecurity matters to be shared with the Audit Committee. The Risk Committee provides the Audit Committee updates on such matters on at least a quarterly basis. The Audit Committee reports cybersecurity risks to the full Board during quarterly meetings.
The members of senior management involved in managing our material risks from cybersecurity threats, including our Chief Technology Officer, Chief Information Security Officer, Cybersecurity Operations Director, Chief Financial Officer and General Counsel and Corporate Secretary are experienced in data security matters and financial reporting matters. Our Chief Information Security Officer has more than 20 years of experience in information technology and has served in multiple technology executive roles, including security-compliance-related roles and holds a degree in Computer Information Systems from Harding University. Our Chief Technology Officer holds a computer science degree and Master of Engineering in Computer Science from Massachusetts Institute of Technology and has held engineering roles in multiple financial technology companies. Our Cybersecurity Operations Director holds a Master of Science degree in computer engineering as well as a Master of Science degree in information assurance, both from Iowa State University. He has led the security operations centers for large, global data management software company, as well as a large payment processing company. Additionally, he has led audits and penetration tests as the senior manager of a consulting company. Prior to entering into the private sector, he served as a police officer where he was a detective, specializing in computer crimes and forensics. Our Chief Financial Officer has over 10 years of experience in financial statement reporting and auditing. Our General Counsel has significant experience advising on cybersecurity matters and data protection matters and building out cybersecurity and data privacy compliance program across retail-facing business lines in the financial services industry.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|
We integrate the identification, assessment, and management of cybersecurity risks into our overall risk management systems and processes. We detect and address such risks from cybersecurity threats in several ways, including through third-party assessments, internal governance, risk and compliance, participation in industry groups to obtain intel, IT audits, and IT security reviews. To protect against, detect, and respond to cybersecurity incidents, we, among other things, leverage intrusion prevention and detection systems, perform penetration testing, conduct employee training, monitor emerging laws and regulations related to data protection and information security, and implement appropriate changes to comply with the identified emerging laws and regulations. To effectuate these processes, we regularly engage third-party auditors and advisors to assess our cybersecurity programs and ensure compliance with applicable guidelines, standards, and industry best practices.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Cybersecurity Governance
Our Board of Directors and management prioritize cybersecurity. Although our full Board of Directors is generally responsible for cybersecurity risk management, it has assigned principal oversight responsibility of risks from cybersecurity threats to our Audit Committee. As described above, management is also responsible for assessing and managing risks from cybersecurity threats, and designated management personnel, including our Chief Technology Officer, Chief Information Security Officer, Cybersecurity Operations Director, Chief Financial Officer and General Counsel and Corporate Secretary meet quarterly as a Risk Committee to determine cybersecurity matters to be shared with the Audit Committee. The Risk Committee provides the Audit Committee updates on such matters on at least a quarterly basis. The Audit Committee reports cybersecurity risks to the full Board during quarterly meetings.
The members of senior management involved in managing our material risks from cybersecurity threats, including our Chief Technology Officer, Chief Information Security Officer, Cybersecurity Operations Director, Chief Financial Officer and General Counsel and Corporate Secretary are experienced in data security matters and financial reporting matters. Our Chief Information Security Officer has more than 20 years of experience in information technology and has served in multiple technology executive roles, including security-compliance-related roles and holds a degree in Computer Information Systems from Harding University. Our Chief Technology Officer holds a computer science degree and Master of Engineering in Computer Science from Massachusetts Institute of Technology and has held engineering roles in multiple financial technology companies. Our Cybersecurity Operations Director holds a Master of Science degree in computer engineering as well as a Master of Science degree in information assurance, both from Iowa State University. He has led the security operations centers for large, global data management software company, as well as a large payment processing company. Additionally, he has led audits and penetration tests as the senior manager of a consulting company. Prior to entering into the private sector, he served as a police officer where he was a detective, specializing in computer crimes and forensics. Our Chief Financial Officer has over 10 years of experience in financial statement reporting and auditing. Our General Counsel has significant experience advising on cybersecurity matters and data protection matters and building out cybersecurity and data privacy compliance program across retail-facing business lines in the financial services industry.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Although our full Board of Directors is generally responsible for cybersecurity risk management, it has assigned principal oversight responsibility of risks from cybersecurity threats to our Audit Committee.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Risk Committee provides the Audit Committee updates on such matters on at least a quarterly basis. The Audit Committee reports cybersecurity risks to the full Board during quarterly meetings.
|Cybersecurity Risk Role of Management [Text Block]
|management is also responsible for assessing and managing risks from cybersecurity threats, and designated management personnel, including our Chief Technology Officer, Chief Information Security Officer, Cybersecurity Operations Director, Chief Financial Officer and General Counsel and Corporate Secretary meet quarterly as a Risk Committee to determine cybersecurity matters to be shared with the Audit Committee. The Risk Committee provides the Audit Committee updates on such matters on at least a quarterly basis. The Audit Committee reports cybersecurity risks to the full Board during quarterly meetings.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Although our full Board of Directors is generally responsible for cybersecurity risk management, it has assigned principal oversight responsibility of risks from cybersecurity threats to our Audit Committee. As described above, management is also responsible for assessing and managing risks from cybersecurity threats, and designated management personnel, including our Chief Technology Officer, Chief Information Security Officer, Cybersecurity Operations Director, Chief Financial Officer and General Counsel and Corporate Secretary meet quarterly as a Risk Committee to determine cybersecurity matters to be shared with the Audit Committee.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
The members of senior management involved in managing our material risks from cybersecurity threats, including our Chief Technology Officer, Chief Information Security Officer, Cybersecurity Operations Director, Chief Financial Officer and General Counsel and Corporate Secretary are experienced in data security matters and financial reporting matters. Our Chief Information Security Officer has more than 20 years of experience in information technology and has served in multiple technology executive roles, including security-compliance-related roles and holds a degree in Computer Information Systems from Harding University. Our Chief Technology Officer holds a computer science degree and Master of Engineering in Computer Science from Massachusetts Institute of Technology and has held engineering roles in multiple financial technology companies. Our Cybersecurity Operations Director holds a Master of Science degree in computer engineering as well as a Master of Science degree in information assurance, both from Iowa State University. He has led the security operations centers for large, global data management software company, as well as a large payment processing company. Additionally, he has led audits and penetration tests as the senior manager of a consulting company. Prior to entering into the private sector, he served as a police officer where he was a detective, specializing in computer crimes and forensics. Our Chief Financial Officer has over 10 years of experience in financial statement reporting and auditing. Our General Counsel has significant experience advising on cybersecurity matters and data protection matters and building out cybersecurity and data privacy compliance program across retail-facing business lines in the financial services industry.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The Audit Committee reports cybersecurity risks to the full Board during quarterly meetings.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef