Risk Oversight

The Board of Directors plays a vital role in managing the risks facing our Company. Through the Audit Committee, the Board of Directors manages potential accounting risk through oversight of disclosure controls and controls surrounding financial reporting. Senior financial executives report to the Audit Committee at each committee meeting on significant financial and accounting matters. Through the Compensation Committee, the Board of Directors manages potential risks associated with our compensation programs by ensuring that they are not structured in a way that encourages executives to take unacceptable risks. The Board of Directors in conjunction with senior management, manages the Company’s cyber-security and data risks (including privacy and storage risks) and is involved in managing operational risk through Enterprise Risk Management via quarterly reporting from various departments and disciplines within Company management and the evaluation of potential station or other business acquisitions and significant agreements at Board of Directors meetings and in between meetings, as needed. The Board of Directors confers with our general counsel and outside legal counsel, when necessary, in overseeing legal and regulatory risks.

The Company uses computers in substantially all aspects of its business operations. Its revenues are increasingly dependent on digital products. Such use exposes the Company to potential cyber incidents resulting from deliberate attacks or unintentional events. It is not uncommon for a company such as ours to be subjected to continuous attempted cyber-attacks or other malicious efforts to cause a cyber incident. These incidents can include, but are not limited to, gaining unauthorized access to digital systems for purposes of misappropriating assets or sensitive information, corrupting data or causing operational disruption. The changes in our work environment as a result of the COVID-19 pandemic could also impact the security of our systems, as well as our ability to protect against attacks and detect and respond to them quickly. The rapid adoption of some third-party services designed to enable the transition to a remote workforce also may introduce security risk that is not fully mitigated prior to the use of these services. We may also be subject to increased cyber-attacks, such as phishing attacks by threat actors using the attention placed on the pandemic as a method for targeting our personnel. We may face additional cyber-attacks as threat actors use supply chain or third-party attacks as a method for penetrating our computer systems. The results of these incidents could include, but are not limited to, loss of data, business interruption, disclosure of nonpublic information, decreased advertising revenues, misstated financial data, liability for stolen assets or information, need to pay ransom, increased cybersecurity protection costs, litigation and reputational damage adversely affecting customer or investor confidence. The Company’s Cybersecurity Committee helps mitigate cybersecurity risks. The role of the Cybersecurity Committee is to oversee cyber risk assessments, monitor applicable key risk indicators, review cybersecurity training procedures, establish cybersecurity policies and procedures, and to invest in and implement enhancements to the Company’s cybersecurity infrastructure. Investments over the past year included enhancements to monitoring systems, firewalls, and intrusion detection systems.