MoonLake Immunotherapeutics 10-K Cybersecurity GRC - 2024-02-29

Page last updated on May 7, 2024

MoonLake Immunotherapeutics reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-29 08:05:29 EST.

Filings

10-K filed on 2024-02-29

MoonLake Immunotherapeutics filed an 10-K at 2024-02-29 08:05:29 EST
Accession Number: 0001821586-24-000008

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity In the ordinary course of our business, we collect, use, store, and transmit digitally large amounts of confidential, sensitive, proprietary, personal, and health-related information. The secure maintenance of this information and our information technology systems is important to our operations and business strategy. To this end, we have implemented processes designed to assess, identify, and manage risks from potential unauthorized occurrences on or through our information technology systems that may result in adverse effects on the confidentiality, integrity, and availability of these systems and the data residing therein. These processes are managed and monitored by a dedicated information technology team, which is led by our Director of IT, and include mechanisms, controls, technologies, systems, and other processes designed to prevent or mitigate data loss, theft, misuse, or other security incidents or vulnerabilities affecting the data and maintain a stable information technology environment. For example, we perform daily vulnerability scans on our endpoints; we have a dedicated security operations center ( SOC ), which is run by a third-party; and we conduct data recovery testing, security audits, and ongoing risk assessments, including due diligence on our key vendors, CROs, and other contractors and suppliers. We also conduct regular employee trainings on cyber and information security, among other topics. In addition, we consult with outside advisors and experts, including our SOC, on a regular basis to assist with assessing, identifying, and managing cybersecurity risks, including to anticipate future threats and trends, and their impact on the Company s risk environment. Our Director of IT, who reports directly to the Chief Financial Officer and has over 10 years of experience managing information technology and cybersecurity matters and holds various EC-Council certifications including Certified Chief Information Security Officer , Certified Ethical Hacker and Computer Hacking Forensic Investigator , together with our senior leadership team, is responsible for assessing and managing cybersecurity risks. We consider cybersecurity, along with other significant risks that we face, within our overall enterprise risk management framework. In the last fiscal year, we have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, but we face certain ongoing cybersecurity risks threats that, if realized, are reasonably likely to materially affect us. Additional information on cybersecurity risks we face is discussed in Part I, Item 1A, Risk Factors, under the headings Failure in our information technology and storage systems or those of third parties upon whom we rely could significantly disrupt the operation of our business and adversely impact our financial condition and Our internal computer systems, or those of any of our CROs, manufacturers, other contractors or consultants or potential future collaborators, may fail or suffer security or data privacy breaches or other unauthorized or improper access to, use of, or 63 MOONLAKE IMMUNOTHERAPEUTICS FORM 10-K FOR THE YEARLY ENDED DECEMBER 31, 2023 PART I destruction of our proprietary or confidential data, employee data or personal data, which could result in additional costs, loss of revenue, significant liabilities, harm to our brand and material disruption of our operations . The Board of Directors, as a whole and at the committee level, has oversight for the most significant risks facing us and for our processes to identify, prioritize, assess, manage, and mitigate those risks. The Audit Committee, which is comprised solely of independent directors, has been designated by our Board to oversee cybersecurity risks. The Audit Committee receives regular updates on cybersecurity and information technology matters and related risk exposures from our Chief Financial Officer, as well as our Director of IT. The Board also receives updates from management and the Audit Committee on cybersecurity risks on at least an annual basis.

Company Information