VBI Vaccines Inc/BC 10-K Cybersecurity GRC - 2024-04-16

Page last updated on April 16, 2024

VBI Vaccines Inc/BC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-04-16 08:01:42 EDT.

Filings

10-K filed on 2024-04-16

VBI Vaccines Inc/BC filed an 10-K at 2024-04-16 08:01:42 EDT
Accession Number: 0001493152-24-014744

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C: CYBERSECURITY We operate in the biotechnology sector, which is subject to various cybersecurity risks that could adversely affect our business, financial condition, and results of operations. These risks include intellectual property theft, fraud, extortion, harm to employees or customers, violation of privacy laws, litigation and legal risk, and reputational risk. Recognizing the critical importance of cybersecurity, we have implemented robust measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. Our cybersecurity management program includes governance, policies, procedures, and technology to identify and mitigate risks from cybersecurity threats. Both management and the Board of Directors are actively involved in assessing cybersecurity threats and implementing preventive measures. Day-to-day assessment and management of cybersecurity risks are overseen by the Head of IT and Information Security Expert. These individuals possess relevant expertise and backgrounds in cybersecurity work, and are responsible for prevention, mitigation, detection, and remediation of cybersecurity incidents. Reports and updates are provided to the management and Board of Directors to ensure effective oversight. The Board of Directors receives an annual report from the Head of IT with respect to management of risks from cybersecurity threats. Such report covers the Company s information technology security program, including its current status, capabilities and plans. We undertake activities to prevent, detect, and minimize the effects of cybersecurity incidents, including annual risk reviews, policy reviews, and penetration tests. Business continuity, incident response, and recovery plans are in place to respond to and remedy any cybersecurity incidents. Third-party assessors, consultants, and auditors assist us in assessing and managing cybersecurity risks by providing expert advice on cybersecurity strategy, technologies, testing, and cybersecurity event monitoring. Policies and procedures are established to oversee risks associated with third-party service providers, and contractual mechanisms are in place to mitigate these risks. Third-party provider contracts are negotiated to ensure the vendor warrants maintaining industry best practices in IT security, including disaster recovery, peripheral IT security, access control, among others. To date, no cybersecurity incident has materially affected our results of operations or financial condition. However, we acknowledge that an actual or perceived breach of our security could damage our reputation, cause our existing customers to suspend or terminate our relationships, interfere with our ability to acquire new customers, interfere with progress of our clinical trials, jeopardize existing regulatory approvals or interfere with our ability to pursue regulatory approvals for our product candidates, and impact our ability to execute on our overall business strategy. We maintain a cyber liability insurance policy to pre-emptively mitigate financial risks associated with cybersecurity incidents. However, our cyber liability insurance may be inadequate or may not be available in the future on acceptable terms, or at all. In addition, our cyber liability insurance policy may not cover all claims made against us, and defending a suit, regardless of its merit, could be costly and divert management s attention from our business and operations. For further information on specific cybersecurity risk factors, please refer to Item 1A Risk Factors Our business and operations would suffer in the event of computer system failures, cyber-attacks or deficiencies in our cyber-security . 68

Company Information