Eiger BioPharmaceuticals, Inc. 10-K Cybersecurity GRC - 2024-04-08

Page last updated on April 11, 2024

Eiger BioPharmaceuticals, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-08 17:19:20 EDT.

Filings

10-K filed on 2024-04-08

Eiger BioPharmaceuticals, Inc. filed an 10-K at 2024-04-08 17:19:20 EDT
Accession Number: 0001628280-24-015297

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. Cybersecurity As cyber-attacks become more prevalent, we ve taken action to mitigate the threat to our business. As described in more detail below and as part of our risk management program, we have established policies and processes for assessing, identifying, and managing material risks from cybersecurity threats. Cybersecurity is a critical element of this program. Risk Management and Strategy Management along with the support of a third-party IT firm are responsible for the day-to-day administration of our risk management program and our cybersecurity policies, processes, and practices. Identification and Reporting We implemented a cross-functional approach to assessing, identifying, and managing material cybersecurity threats and incidents. We have put in place controls and procedures to identify, classify, and escalate certain cybersecurity incidents to provide management visibility and obtain direction from management as to the public disclosure and reporting of material incidents in a timely manner. Incidents are reported and tracked through our third-party IT firm’s online support system. Technical Safeguards We implemented technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality, and access controls, which are evaluated and improved through quarterly vulnerability assessments and cybersecurity threat intelligence, as well as outside periodic audits and certifications. Incident Response and Recovery Planning We have established and maintain comprehensive incident response, business continuity, and disaster recovery plans designed to address our response to a cybersecurity incident. Third-Party Risk Management We maintain a risk-based approach to identifying and overseeing material cybersecurity threats presented by third parties, including vendors, service providers, and other external users of our systems, as well as the systems of third parties that could adversely impact our business in the event of a material cybersecurity incident affecting those third-party systems, including any outside auditors or consultants who advise on our cybersecurity systems. Education and Awareness We provide mandatory training for all employees and consultants regarding cybersecurity threats. The goal of the training is to equip our employees with tools and to raise their awareness of cybersecurity risks the Company faces. We conduct random training campaigns via email to test their knowledge and responses. We regularly communicate tips and current events to keep cybersecurity top of mind. Governance Board Oversight Our Board of Directors, in coordination with our Audit Committee, oversees our risk management program, including the management of cybersecurity threats. Our Audit Committee receive quarterly updates on developments in the cybersecurity space, including risk management practices, recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, technological trends, and information security issues encountered by our peers and third parties. In the event of a material incident, our Board of Directors and our Audit Committee would receive from management prompt and timely information regarding any cybersecurity risk that meet reporting thresholds, as well as ongoing updates regarding any such risk. Table of Contents Management s Role Management along with the support of a third-party IT firm are responsible for the day-to-day administration of our risk management program and our cybersecurity policies, processes, and practices. On a monthly basis, the cross functional team meets to discuss current trends in cybersecurity threats and the response required to eliminate the threats. As of the date of this report, we have not identified any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected us, our business strategy, results of operation or financial condition. For more information about the risks we face from cybersecurity incidents, please refer to Part I, Item 1A. Risk Factors of this report, including under the caption Failure in our information technology and storage systems or our security measures, including without limitation, data breaches, or inadequacy of our business continuity and disaster recovery plans and procedures, could significantly disrupt the operation of our business .

Company Information