INSMED Inc 10-K Cybersecurity GRC - 2026-02-19

Page last updated on February 19, 2026

INSMED Inc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-19 07:01:18 EST.

Filings

10-K filed on 2026-02-19

INSMED Inc filed a 10-K at 2026-02-19 07:01:18 EST
Accession Number: 0001104506-26-000009

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We incorporate assessment of our cybersecurity initiatives into our Enterprise Risk Management program. The Enterprise Risk Management program evaluates risk areas including, but not limited to, operational risk, intellectual property theft, fraud, harm to employees, patients, or third parties, and violation of privacy or security-related laws or regulations. As part of our efforts to mitigate cyber risk, we have implemented cybersecurity processes, technologies, and controls designed to identify and manage potential material cyber risks and have obtained cyber-specific insurance coverage. We employ a range of tools and services, including regular network and endpoint monitoring, managed detection and response, system patching, managed security services, server and endpoint scheduled backups, awareness training and testing, periodic vulnerability assessment and penetration testing, to update our ongoing risk identification and mitigation efforts. We have a cybersecurity assessment process, which helps identify our cybersecurity risks by comparing our processes to standards set by the National Institute of Standards and Technology. Our processes also assess cybersecurity risks associated with our use of third-party service providers. We proactively engage with key vendors, industry participants, and law enforcement/cyber threat intelligence communities as part of our continuing efforts to evaluate and enhance the effectiveness of our information security policies and procedures. Our information security program is managed by a senior director who reports to the Chief Information Officer (CIO), providing routine security program updates and briefings. The current senior director has more than 25 years of experience in cybersecurity, federal law enforcement, and cyber investigations, while possessing the required subject matter expertise, skills, experience, and industry certifications expected of an individual assigned to these duties. Our information security team, which includes the CIO and senior director, as well as additional professionals , is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, and processes. Our CIO provides regular updates to our Chief Executive Officer and other members of management. The Audit Committee of the Board of Directors is responsible for oversight of the Company's cybersecurity risk exposure and the CIO provides reports to the Audit Committee, as well as the full Board of Directors, at least annually. The reports to management and our Board include updates on the Company's cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape. Based on the information available to us as of the filing date of this Annual Report on Form 10-K, we are not aware of any cybersecurity incidents, directly or indirectly, that have materially affected or are reasonably likely to materially affect our business, results of operations, or financial condition. For more information regarding our risks from cybersecurity threats, see "Risk Factors - Risks Related to the Operation of our Business - Our business and operations, including our drug development and commercialization programs, may be materially disrupted and/or subject to reputational harm in the event of system failures, security breaches, cyber-attacks, deficiencies in cybersecurity, violations of data protection laws or data loss or damage by us or third parties." 67

Company Information