Cue Biopharma, Inc. 10-K Cybersecurity GRC - 2024-03-28

Page last updated on April 11, 2024

Cue Biopharma, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-28 16:15:51 EDT.

Filings

10-K filed on 2024-03-28

Cue Biopharma, Inc. filed an 10-K at 2024-03-28 16:15:51 EDT
Accession Number: 0000950170-24-038059

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy We have policies, procedures, and processes for assessing, identifying, and managing cybersecurity risks, which are built into our overall information technology function and are designed to help protect our information assets and operations from internal and external cyber threats as well as secure our networks and systems. Such processes include procedural and technical safeguards, response plans, and routine review of our policies and procedures to identify risks and improve our practices. Our security incident response plan is designed to help coordinate our response to, and recovery from, any cybersecurity incidents, and includes processes to assess the severity of, escalate, contain, investigate, and remediate such incidents as well as to comply with applicable legal obligations. We engage certain external parties to enhance our cybersecurity processes and strategies. Depending on the nature of the services provided, the sensitivity and quantity of information processed, and the identity of the service provider, we evaluate the security and risk posture of such providers according to the perceived level of risk and in accordance with industry standard best practices. The Audit Committee of the board of directors provides direct oversight over cybersecurity risk and provides regular updates to the board of directors regarding such oversight. The Audit Committee regularly meets with members of management responsible for data privacy, technology, and information security risks to discuss these risks, risk management activities, incident response plans, best practices, the effectiveness of our security measures, and other related matters. Our Senior Director of Information Technology and Cyber Security, who reports to our Chief Financial Officer, leads the operational oversight of company-wide cybersecurity strategy, policy, standards, and processes and works across relevant departments to assess and help prepare us and our employees to address cybersecurity risks. Specific cybersecurity related 89 responsibilities of the Senior Director of Information Technology and Cyber Security include overseeing our processes and strategies for the detection, mitigation, and remediation of cybersecurity incidents. Our Senior Director of Information Technology and Cyber Security has over 25 years of diverse experience in information technology, including management roles at managed service providers, enabling him to effectively oversee cybersecurity risks and threats. In an effort to deter and detect cyber threats, we provide all employees, including any part-time employees, with a data protection, cybersecurity, and incident response and prevention training program designed to educate employees on the importance of identifying and reporting all potential data security incidents immediately. The training covers timely and relevant topics, including social engineering, phishing, password protection, confidential data protection, asset use, and mobile security. We also use technology-based tools to mitigate cybersecurity threats and risks and to bolster our employee-based cybersecurity programs. We do not believe that there are currently any known risks from cybersecurity threats that are reasonably likely to materially affect us or our business strategy, results of operations or financial condition. Despite our cybersecurity efforts, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. See Part I, Item 1A, Risk Factors, in this Annual Report for a discussion of cybersecurity risks. We maintain cyber insurance coverage however, such insurance may not be sufficient in type or amount to cover us against claims related to security breaches, cyber-attacks, and other related breaches.

Company Information