Werewolf Therapeutics, Inc. 10-K Cybersecurity GRC - 2024-03-07

Page last updated on April 11, 2024

Werewolf Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-07 07:15:40 EST.

Filings

10-K filed on 2024-03-07

Werewolf Therapeutics, Inc. filed an 10-K at 2024-03-07 07:15:40 EST
Accession Number: 0001785530-24-000012

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We have certain processes for the identification, assessment, and mitigation of cybersecurity risks which are incorporated into our overall risk management processes in coordination with our information technology function. Such processes include physical, procedural and technical safeguards, and routine review of our policies and procedures to identify risks and improve our practices. We conduct cybersecurity training and testing for all of our employees covering timely and relevant topics, including social engineering, phishing, password protection, confidential data protection, and mobile security, and we educate employees on the importance of reporting all incidents immediately. We also use technology-based tools to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs. We engage third-party consultants to enhance our cybersecurity oversight and conduct penetration testing and vulnerability assessments. Further, we consider the cybersecurity practices of our third-party service providers, including through a general security assessment and contractual requirements, as appropriate, before engaging them in order to help protect us from any related vulnerabilities. We do not believe that there are currently any known risks from cybersecurity threats that are reasonably likely to materially affect us or our business strategy, results of operations or financial condition. For more information about the cybersecurity 87 Table of Contents risks we face, see the risk factor entitled Our internal computer systems, or those used by our third-party research institution collaborators, CROs or other contractors or consultants, may fail or suffer security breaches in the section titled Risk Factors in Part 1, Item 1A of this Annual Report. Our Director of Operations leads the operational oversight of the company-wide cybersecurity strategy, policy, standards and processes. The Director of Operations role is currently held by an individual who has over two decades of professional IT management experience and possesses the requisite education, skills and experience expected to perform such a duty. In addition, our Director of Operations as well as leaders from our operations, finance, and legal departments, are responsible for documenting, reviewing, and assessing our cybersecurity processes, monitoring for cybersecurity incidents, and periodically reporting on cybersecurity risks and risk management to the audit committee of our board of directors. The audit committee of the board of directors provides oversight of our cybersecurity risk as part of its periodic review of enterprise risk management. The audit committee provides regular updates to our board of directors regarding such oversight, including updates on the status of ongoing cybersecurity projects, the results of cybersecurity risk assessments, and the emerging cybersecurity threat landscape. Additionally, the board of directors reviews our enterprise risk management processes periodically and is notified by management between management updates regarding significant new cybersecurity threats or incidents.

Company Information