|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
ITEM 1C. CYBERSECURITY
In today’s digital world, protecting our systems and data from cyberattacks and unintentional or malicious breaches is a priority for our leadership and Board of Directors. Our cybersecurity team is overseen by our Senior Vice President and Chief Technology Officer, who is directly supported by our Vice President of IT and Station Operations and our Senior Director of IT Security and Compliance. This leadership team has decades of experience leading cybersecurity oversight and managing our organization’s cybersecurity risks. Team members who support our information security program have relevant educational, industry experience, and technical certifications. The technical leadership team provides quarterly and annual cybersecurity updates to our Board of Directors, briefing the Board on our cyber program, industry trends and risks, and any incidents the Company has experienced. Directors with experience in cybersecurity and technology play crucial roles in strategy, innovation, and oversight of the Company’s technology investments. The Board oversees our annual enterprise risk assessment, where we assess key risks within the Company, including security and technology risks and cybersecurity threats.
TEGNA uses the National Institute of Standards and Technology (NIST) Cybersecurity Framework and has clearly defined policies and standards for all employees and technical systems. We use external subject matter experts to provide independent assessments of the cybersecurity program. Following the NIST Cybersecurity Framework, TEGNA utilizes internal reporting, policies, software, training programs, secure software development coding practices and hardware solutions to protect and monitor our environment, including multifactor authentication on all critical systems, firewalls, intrusion detection and prevention systems, vulnerability and penetration testing and identity management systems. Our network is continuously monitored using prevailing industry tools, and our cybersecurity team promptly investigates any anomalies. TEGNA has an extensive patching and software update program, and performance metrics are reported to our Board. All new employees are required to take a cybersecurity training course, and we have mandatory quarterly training modules for all employees.
We maintain third-party vendor policies and practices to identify, prioritize, and mitigate and remediate third-party risk. Third-party access is narrowly limited in scope, granting access only to necessary systems with the lowest level of privileges required. Third-party access is monitored, and accounts are reviewed and attested to on a quarterly basis. TEGNA relies on third parties to implement security programs commensurate with their risk, and we cannot ensure in all circumstances that their efforts will be successful.
TEGNA has documented and tested incident response plans, which outline the steps to be followed from incident detection to containment, recovery, and notification, including notifying functional areas, as well as senior leadership and the Board, as appropriate. With assistance from third-party cybersecurity experts, TEGNA regularly conducts cybersecurity tabletop exercises with leadership and technical teams. TEGNA conducts compliance reviews of all cybersecurity policies and procedures at least annually and utilizes an outside cybersecurity firm to evaluate the overall program. Business units are required to attest to applicable TEGNA security controls monthly.
Notwithstanding the extensive approach TEGNA takes to cybersecurity, we face a number of cybersecurity risks in connection with our business. Although to date such risks have not materially affected us, including our business strategy, results of operations or financial condition, we have from time to time experienced threats to our information systems and data. For more information about the cybersecurity risks we face, see Item 1A. “Risk Factors”.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block]
|Although to date such risks have not materially affected us, including our business strategy, results of operations or financial condition, we have from time to time experienced threats to our information systems and data.
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
In today’s digital world, protecting our systems and data from cyberattacks and unintentional or malicious breaches is a priority for our leadership and Board of Directors. Our cybersecurity team is overseen by our Senior Vice President and Chief Technology Officer, who is directly supported by our Vice President of IT and Station Operations and our Senior Director of IT Security and Compliance. This leadership team has decades of experience leading cybersecurity oversight and managing our organization’s cybersecurity risks. Team members who support our information security program have relevant educational, industry experience, and technical certifications. The technical leadership team provides quarterly and annual cybersecurity updates to our Board of Directors, briefing the Board on our cyber program, industry trends and risks, and any incidents the Company has experienced. Directors with experience in cybersecurity and technology play crucial roles in strategy, innovation, and oversight of the Company’s technology investments. The Board oversees our annual enterprise risk assessment, where we assess key risks within the Company, including security and technology risks and cybersecurity threats.
TEGNA uses the National Institute of Standards and Technology (NIST) Cybersecurity Framework and has clearly defined policies and standards for all employees and technical systems. We use external subject matter experts to provide independent assessments of the cybersecurity program. Following the NIST Cybersecurity Framework, TEGNA utilizes internal reporting, policies, software, training programs, secure software development coding practices and hardware solutions to protect and monitor our environment, including multifactor authentication on all critical systems, firewalls, intrusion detection and prevention systems, vulnerability and penetration testing and identity management systems. Our network is continuously monitored using prevailing industry tools, and our cybersecurity team promptly investigates any anomalies. TEGNA has an extensive patching and software update program, and performance metrics are reported to our Board. All new employees are required to take a cybersecurity training course, and we have mandatory quarterly training modules for all employees.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Board oversees our annual enterprise risk assessment, where we assess key risks within the Company, including security and technology risks and cybersecurity threats.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The technical leadership team provides quarterly and annual cybersecurity updates to our Board of Directors, briefing the Board on our cyber program, industry trends and risks, and any incidents the Company has experienced.
|Cybersecurity Risk Role of Management [Text Block]
|Our cybersecurity team is overseen by our Senior Vice President and Chief Technology Officer, who is directly supported by our Vice President of IT and Station Operations and our Senior Director of IT Security and Compliance. This leadership team has decades of experience leading cybersecurity oversight and managing our organization’s cybersecurity risks. Team members who support our information security program have relevant educational, industry experience, and technical certifications. The technical leadership team provides quarterly and annual cybersecurity updates to our Board of Directors, briefing the Board on our cyber program, industry trends and risks, and any incidents the Company has experienced. Directors with experience in cybersecurity and technology play crucial roles in strategy, innovation, and oversight of the Company’s technology investments. The Board oversees our annual enterprise risk assessment, where we assess key risks within the Company, including security and technology risks and cybersecurity threats.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our cybersecurity team is overseen by our Senior Vice President and Chief Technology Officer, who is directly supported by our Vice President of IT and Station Operations and our Senior Director of IT Security and Compliance.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|This leadership team has decades of experience leading cybersecurity oversight and managing our organization’s cybersecurity risks. Team members who support our information security program have relevant educational, industry experience, and technical certifications.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|The technical leadership team provides quarterly and annual cybersecurity updates to our Board of Directors, briefing the Board on our cyber program, industry trends and risks, and any incidents the Company has experienced.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true