Microbot Medical Inc. 10-K Cybersecurity GRC - 2024-03-27

Page last updated on April 11, 2024

Microbot Medical Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-27 16:30:58 EDT.

Filings

10-K filed on 2024-03-27

Microbot Medical Inc. filed an 10-K at 2024-03-27 16:30:58 EDT
Accession Number: 0001493152-24-011521

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Since our formation, we have been primarily focused on research and development activities and pursuing FDA approval of our planned products. We have 22 employees and currently use third-party vendors and service providers for certain product development and regulatory approval activities. We use a third-party sub-contractor to manage all Information Technology (IT) issues, including protection against, detection, and response to cyberattacks. The measures that are taken to ensure proper protection include: All computers are protected using a cloud-powered endpoint security solution that helps enterprises prevent, detect, investigate, and respond to advanced threats on their networks. It offers endpoint protection, endpoint detection and response, mobile threat defense, and integrated vulnerability management. It also provides, among other things, malware and spyware detection and remediation, rootkit detection and remediation and network vulnerability detection. All Company computer hard drives are automatically encrypted. All Company e-mails are protected by a cloud-based email filtering service designed to protect the Company against advanced threats related to email and collaboration tools. Periodically, all users on the Company s computer network are required to perform multi-factor authentication. The Company uses a cloud-based identity and access management service that enables access to external resources. Backup is performed using a secure, automatic cloud-based backup and restore service. Additionally, we believe that our third-party vendors and service providers have their own respective cybersecurity protocols which our management believes to be adequate for protecting any of the Company s data that might be in their possession from time to time however, having such protocols is not necessarily a condition for us using or not using the services of any such vendors or providers. Our Chief Technology Officer and General Manager is responsible for assessing and managing cybersecurity risks, through his oversight of our IT service provider that manages our IT, but he does not have specific cybersecurity expertise. The Company has an Information Technology Policy that, among other things, governs and provides for cybersecurity policies and processes, including to define safety measures to protect the Company s confidentiality, integrity and availability of data and other intellectual property, as well as to define the manner in which information is stored, saved and routed in the Company s network. Additionally, the Board and management believe cybersecurity represents an important component of the Company s overall approach to risk management and oversight, especially as the Company moves towards commercialization of its first product. Cybersecurity threats have not materially affected, and are not reasonably likely to affect, the Company, including its business strategy, results of operations or financial condition while we are strategically focused on pursuing FDA approval and have pre-commercial operations. The Company is not aware of any material security breach to date. Accordingly, the Company has not incurred any expenses over the last two years relating to information security breaches. The occurrence of cyber-incidents, or a deficiency in our cybersecurity or in those of any of our third-party service providers could negatively impact our business by causing a disruption to our operations, a compromise or corruption of our confidential information and systems, or damage to our business relationships or reputation, all of which could negatively impact our business and results of operations. There can be no assurance that the Company s third-party vendors and service providers cybersecurity risk management processes, including their policies, controls or procedures, will be fully implemented, complied with or effective in protecting the Company s systems and information.

Company Information