Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Mar. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] | Risk Management and Strategy We maintain a comprehensive process for identifying, assessing, and managing material risks from cybersecurity threats as part of our broader risk management system and processes. This cybersecurity risk management process includes a wide variety of mechanisms, controls, technologies, methods, systems, and other processes that are designed to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access and other security incidents and vulnerabilities. As part of our cybersecurity risk management process, we conduct regular application security assessments, vulnerability management, external penetration testing, security audits, and risk assessments. We leverage third-party security service providers to provide continuous and uninterrupted identification and mitigation of risk-prioritized security events. We maintain an incident response plan that is utilized when incidents are detected. Our incident response plan coordinates the activities that we and our third-party cybersecurity provider take to prepare to respond, recover from and mitigate cybersecurity incidents, which include processes to assess severity, investigate, escalate, contain, and remediate an incident, as well as to comply with potentially applicable legal obligations and mitigate brand and reputational harm. We require employees with access to information systems, including all corporate employees, to undertake data protection, cybersecurity, privacy and compliance programs at least annually. We maintain a team of dedicated security and compliance professionals who oversee cybersecurity risk management, mitigation, incident prevention, detection, and remediation, which is led by our Chief Information Security Officer. The team has deep cybersecurity experience with an average tenure of over 20 years with expertise in protecting critical assets for top firms in a myriad of different industries. We leverage SOC 2 Type 2 attestation framework to determine the operating effectiveness of our internal security controls and use NIST Cybersecurity framework to better understand, manage and reduce cybersecurity risk and protect our business from ever-changing cyber threats. We achieved SOC 2 Type 2 attestation this fiscal year, demonstrating the operating effectiveness of our internal security controls and our commitment to industry-leading information security standards. This attestation provides assurance to stakeholders that Digital Turbine’s systems and processes are regularly audited by independent third parties to verify compliance with rigorous security and privacy requirements. As part of our cybersecurity risk management process, we contractually require third-party service providers to implement and maintain key security measures in connection with their work with us when appropriate that is consistent with applicable laws. Additionally, our third-party service providers are to promptly report any breach of their security measures or systems that may affect our Company. Our security and compliance professionals track and log privacy and security incidents across our vendors and other third-party service providers to remediate and resolve any such incidents. Significant incidents associated with our vendors and service providers are reviewed regularly to determine whether further escalation is appropriate. Any incident assessed as potentially being or potentially becoming material is immediately escalated for further assessment, and then reported to designated members of our senior management.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | We maintain a comprehensive process for identifying, assessing, and managing material risks from cybersecurity threats as part of our broader risk management system and processes. This cybersecurity risk management process includes a wide variety of mechanisms, controls, technologies, methods, systems, and other processes that are designed to prevent, detect, or mitigate data loss, theft, misuse, unauthorized access and other security incidents and vulnerabilities.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] | Governance Our executive leadership team, along with input from the above team, are responsible for our overall enterprise risk management system and processes and regularly consider cybersecurity risks in the context of other material risks to the Company. Senior management regularly discusses on at least a quarterly basis and otherwise as needed, cyber risks and trends and, should they arise, any material incidents with the Audit Committee. The Audit Committee has oversight responsibility over our cybersecurity risk management process, including risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, cooperation with law enforcement, and related effects on financial and other risks, and it reports any findings and recommendations, as appropriate, to the full Board for consideration.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit Committee has oversight responsibility over our cybersecurity risk management process |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The Audit Committee has oversight responsibility over our cybersecurity risk management process, including risks and incidents relating to cybersecurity threats, including compliance with disclosure requirements, cooperation with law enforcement, and related effects on financial and other risks, and it reports any findings and recommendations, as appropriate, to the full Board for consideration. |
| Cybersecurity Risk Role of Management [Text Block] | Senior management regularly discusses on at least a quarterly basis and otherwise as needed, cyber risks and trends and, should they arise, any material incidents with the Audit Committee. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | Our executive leadership team, along with input from the above team, are responsible for our overall enterprise risk management system and processes and regularly consider cybersecurity risks in the context of other material risks to the Company. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | The team has deep cybersecurity experience with an average tenure of over 20 years with expertise in protecting critical assets for top firms in a myriad of different industries. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | Senior management regularly discusses on at least a quarterly basis and otherwise as needed, cyber risks and trends and, should they arise, any material incidents with the Audit Committee. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |