Moleculin Biotech, Inc. 10-K Cybersecurity GRC - 2024-03-22

Page last updated on April 11, 2024

Moleculin Biotech, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-22 16:05:47 EDT.

Filings

10-K filed on 2024-03-22

Moleculin Biotech, Inc. filed an 10-K at 2024-03-22 16:05:47 EDT
Accession Number: 0001437749-24-009044

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We have established policies and procedures for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes. We monitor cybersecurity threats, including any potential unauthorized occurrence on or conducted through our information systems that we use through third party providers that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information residing therein. We conduct annual risk assessments and perform as needed updates to our risks to identify cybersecurity threats, as well as assessments in the event of a material change in our business practices that may affect information systems that are vulnerable to such cybersecurity threats. We engage consultants, third parties and auditors in connection with our risk assessment processes. These service providers assist us in designing and implementing our cybersecurity policies and procedures, as well as monitoring and testing our safeguards. Personnel at all levels and departments are made aware of our cybersecurity policies through periodic training and communications. As of December 31, 2023, and through the date of the filing of this report, we are not aware of any cybersecurity incidents that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. For additional information regarding risks from cybersecurity threats, please refer to Item 1A, Risk Factors, in this Annual report on Form 10-K. Governance One of the key responsibilities of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers are responsible for the day-to-day management of the material risks we face. Our board of directors administers its cybersecurity risk oversight function through the audit committee, which provides oversight of our cybersecurity program as part of its periodic review of overall risk management program. Our Chief Financial Officer and Head of IT and Cybersecurity, a consultant, are primarily responsible for assessing and managing our material risks from cybersecurity threats. In this regard, our Chief Executive Officer and Head of IT and Cybersecurity have assistance from service providers, other consultants and third parties. Our Chief Financial Officer has served as an executive officer for over twenty-five years, including over fifteen years as an executive officer of public companies. Our Head of IT and Cybersecurity has served as an information technology professional for over eight years and has held senior IT positions at multiple companies, where his primary responsibilities included maintaining direct oversight over his companies cybersecurity risks. Our Chief Financial Officer and Head of IT and Cybersecurity oversee our cybersecurity policies and procedures, including those described in Risk Management and Strategy above. Under such policies and procedures, our Chief Financial Officer and Head of IT and Cybersecurity are responsible for reporting to our audit committee regarding any cybersecurity incidents. The audit committee, in turn, provides periodic reports to our board of directors regarding our cybersecurity processes, including the results of cybersecurity risk assessments. 48 Table of Contents

Company Information