Acrivon Therapeutics, Inc. 10-K Cybersecurity GRC - 2024-03-28

Page last updated on July 16, 2024

Acrivon Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 07:36:45 EDT.


10-K filed on 2024-03-28

Acrivon Therapeutics, Inc. filed a 10-K at 2024-03-28 07:36:45 EDT
Accession Number: 0000950170-24-037618

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things, operational risks; intellectual property theft; fraud; extortion; harm to employees; violation of privacy or security laws and other litigation and legal risk; and reputational risks. We have implemented several cybersecurity technologies, and controls and processes to aid in our efforts to assess, identify, and manage such risks. We are subject to cybersecurity threat risks associated with our use of third-party service providers, including independent clinical investigators, contracted laboratories and contract research organizations. Cybersecurity considerations affect the selection and oversight of these third-party service providers. We engage certain external parties, including cybersecurity and privacy firms and consultants, to provide IT support and cybersecurity oversight, and enhance our risk reduction abilities, including the engagement of a third-party to review our cybersecurity program to help identify areas for continued focus and improvement. We also use automated tools designed to monitor, identify, and address cybersecurity risks. 105 As of the date of this report, we have not identified cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected us, our business strategy, results of operation or financial condition. We are in the process of formalizing an incident response plan. For additional information regarding risks from cybersecurity threats, please refer to Item 1A, “Risk Factors,” of this Annual Report on Form 10-K. Cybersecurity Governance Our Head of Information Technology, who reports directly to the Chief Operating Officer, has day-to-day responsibility for preventing, mitigating and remediating cybersecurity threats and incidents. The individual currently serving in this role has two decades of experience in information technology and cybersecurity. Our Disclosure Committee evaluates the materiality of any threats and/or incidents to determine if there is any required disclosure. Our external SEC counsel is also apprised of certain threats and/or incidents that may occur and is available to advise management on any disclosure obligations. Our Board of Directors addresses our cybersecurity risk management as part of its general oversight function. The Audit Committee is responsible for overseeing our cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats. Periodically, the Audit Committee receives an overview from our Head of Information Technology of our cybersecurity threat risk management and strategy processes covering topics such as data security posture, results from third-party assessments, progress towards pre-determined risk-mitigation-related goals, and material cybersecurity threat risks or incidents and developments, as well as the steps management has taken to respond to such risks.

Company Information

NameAcrivon Therapeutics, Inc.
SIC DescriptionPharmaceutical Preparations
TickerACRV - Nasdaq
CategoryNon-accelerated filer
Smaller reporting company
Emerging growth company
Fiscal Year EndDecember 30