uniQure N.V. 10-K Cybersecurity GRC - 2024-02-28

Page last updated on April 11, 2024

uniQure N.V. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-28 07:51:22 EST.

Filings

10-K filed on 2024-02-28

uniQure N.V. filed an 10-K at 2024-02-28 07:51:22 EST
Accession Number: 0001558370-24-001915

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things, operational risks, the risk of intellectual property theft, fraud, harm to employees or third parties with which we conduct business and violation of data privacy or security laws. Identifying and assessing cybersecurity risk is integrated into our overall risk management systems and processes. Cybersecurity risks related to our business are identified and addressed through a multi-faceted approach that consists of third-party assessments, testing of our information systems and information technology security. To defend against, detect and respond to cybersecurity incidents, we, among other things: have enabled regular monitoring of our environment by a combination of external partners and internal security tools, conduct employee trainings, monitor emerging laws and regulations related to data protection and information security and implement appropriate changes. Consistent with our cybersecurity risk management policies and controls, we have prepared an incident response plan with several components, including: (i) engagement of a third party security operations center for regular vulnerability scanning and technical monitoring of our systems, (ii) detection and analysis of cybersecurity incidents that present risk of unauthorized access to company assets, including the escalation and triaging of incidents that present acute risks to our business, (iii) containment, eradication and data recovery, and (iv) post-incident analysis. Such incident responses are overseen by leaders from our information technology, finance, legal and compliance teams. Cybersecurity events and data incidents are evaluated, assessed based on severity and prioritized for response and remediation. Under our incident response plan and related policies, incidents are evaluated to determine materiality as well as operational and business impact and reviewed for privacy impact. Our team of cybersecurity professionals then collaborate with technical and business stakeholders to further analyze the risk to the company, and form detection, mitigation and remediation strategies. As part of the above processes, we regularly engage external consultants to assess our internal cybersecurity programs and compliance with applicable practices and standards. Cybersecurity Governance Cybersecurity is an important part of our risk management processes and an area of focus for our board of directors and management team. Our board of directors has delegated responsibility to the Audit Committee for the oversight of risks from cybersecurity threats. Members of the Audit Committee receive regular updates from senior management, including leaders from our information technology, legal and compliance teams regarding matters of cybersecurity. This includes existing and new cybersecurity risks, information on how management is addressing and/or mitigating those risks, cybersecurity incidents (if any) and status on key information security initiatives. Despite our cybersecurity efforts, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on our business. For a discussion of cybersecurity risks applicable to us, see Part I, Item 1A, Risk Factors , under the heading Our internal computer systems, or those of our collaborators or other contractors or consultants, may fail or suffer security breaches, which could result in a material disruption of our product development programs in this Annual Report on Form 10-K. 80 Table of Contents

Company Information