Morphic Holding, Inc. 10-K Cybersecurity GRC - 2024-02-22

Page last updated on April 11, 2024

Morphic Holding, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-22 07:07:04 EST.

Filings

10-K filed on 2024-02-22

Morphic Holding, Inc. filed an 10-K at 2024-02-22 07:07:04 EST
Accession Number: 0001679363-24-000013

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We have integrated our cybersecurity risk management processes into our overall risk management framework. Cybersecurity risks are considered alongside other operational, financial, and strategic risks, enabling the development of a comprehensive and cohesive enterprise-wide risk mitigation strategy. Our cybersecurity risk management program is managed by a team comprised of key members of management and our information technology department, including our Chief Financial Officer, Chief Accounting Officer, General Counsel, and Senior Director of Information Technology. This team is responsible for leading our enterprise-wide cybersecurity strategy and managing our processes for preventing, detecting, mitigating, and remediating cybersecurity incidents, including through policy development, the establishment and implementation of standards, processes, and technical safeguards designed to protect our information systems from cybersecurity threats and efforts to educate our employees, consultants and other third parties we work with on cybersecurity threats and the Company s policies and procedures in this area. The team also engages in continuous monitoring, regular reporting, testing, and collaboration with external entities to stay informed about evolving threats. The individuals listed above possess relevant expertise in information technology and cybersecurity and background knowledge, and our Senior Director of Information Technology has served in various roles in information technology and information security for approximately twenty-five years. Our Board of Directors ( Board ) oversees our overall enterprise risk management process, and the Audit Committee of the Board (the Audit Committee ) supports the Board in its oversight of cybersecurity and other information technology risks, controls and procedures, including our plans to mitigate cybersecurity risks and respond to data breaches. The Board and the Audit Committee each receive periodic presentations and reports on cybersecurity risks, which address a wide range of topics including recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, technological trends and information security considerations arising with respect to our peers and third parties. The Board and the Audit Committee also receive prompt and timely information regarding any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding any such incident until it has been addressed. To enhance the effectiveness of its cybersecurity processes, we also engage third-party assessors, consultants, and auditors with specialized expertise. These third-parties conduct independent evaluations, providing an additional layer of scrutiny to identify and address potential vulnerabilities, and testing. Our cybersecurity risk management program is regularly evaluated by our own information technology employees and these third-parties with the results of those reviews reported to management and the Audit Committee. These reports include updates on the Company s cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape. To date, we have not identified any risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, operating results, or financial condition. However, we acknowledge the dynamic nature of cyber threats and the potential for future incidents to have a material impact. If we were to experience a material cybersecurity incident in the future, such incident may have a material effect, including on our operations, business strategy, operating results, or financial condition. For more information regarding cybersecurity risks that we face and potential impacts on our business related thereto, see the section titled Risk Factors in Part I, Item 1A of this Annual Report on Form 10-K.

Company Information