TG THERAPEUTICS, INC. 10-K Cybersecurity GRC - 2026-02-27

Page last updated on February 27, 2026

TG THERAPEUTICS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-27 17:05:11 EST.

Filings

10-K filed on 2026-02-27

TG THERAPEUTICS, INC. filed a 10-K at 2026-02-27 17:05:11 EST
Accession Number: 0001437749-26-006133

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We have implemented and maintain various information security processes designed to mitigate cybersecurity risks, on a case-by-case basis, to our critical computer networks, third party-hosted services, communications systems, hardware and software, and our critical data, including intellectual property, confidential information that is proprietary, strategic or competitive in nature, and data related to patients and clinical trials (IT Assets). The Company's information security program, which is integrated into our overall risk management processes, evaluates threats posed by internal and external factors and supports daily operational functions that prevent unauthorized access or compromise. Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats to our IT Assets, which include implementing policies and guidelines governing the individual use and protection of IT Assets by employees, employee training, and leveraging the capability of third -party service providers to support our internal cybersecurity processes. These processes are aligned with the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) and the Center for Internet Security Critical Security Controls (CIS Controls). We have implemented and maintain a documented information security incident response plan that is based on the NIST CSF and CIS Controls and is designed to support the identification, escalation, response to, and recovery from cybersecurity incidents in accordance with defined internal procedures and governance processes. The incident response plan is periodically reviewed and tested, and incidents are escalated to appropriate internal stakeholders based on the nature and potential impact of the event. We continue to monitor proposed cybersecurity disclosure rules from the SEC and alter our procedures accordingly. To further improve the effectiveness of our information security processes, we engage third -party service organizations to support monitoring aspects of the Company's information technology (IT) environment and perform assessments of certain security controls, and provide aggregate, informational monthly reports to our corporate IT Security Team regarding the results of such third -party assessments, training and vulnerability testing, data security posture, identified material cybersecurity risks and areas of improvement. Risks from cybersecurity threats have not materially affected us to date and, based on management's current assessment, are not reasonably likely to materially affect us, our business strategy, results of operations or financial condition. However, the scope and impact of any future cybersecurity incidents cannot be predicted and there can be no assurance that our information security program will be effective in preventing material cybersecurity incidents in the future. For a description of the risks from cybersecurity threats that may materially affect us and how they may do so, see our risk factors under Part 1. Item 1A. Risk Factors in this Annual Report on Form 10 -K, including the risk factor captioned " Our internal information technology systems, or those of our third -party CROs, CMOs, or other contractors or consultants, may fail or suffer security breaches, which could result in a material disruption of our drug candidates ' development programs and our commercialization of any products for which we receive regulatory approval ." Governance The Board and our Chief Executive Officer are responsible for oversight of the Company's overall risk management program, including as to cybersecurity related risks, while management is responsible for the day-to-day risk management processes. The Board receives regular reports from our Chief Executive Officer, Chief Financial Officer and other members of management, regarding material cybersecurity threats and risks, effectiveness of our information security processes and status of ongoing cybersecurity initiatives and strategies. Our information technology (IT) team, which is overseen by our Vice President of IT, is responsible for the identification, assessment and management of cybersecurity risks we face and ensuring effective implementation of the Company's overall cybersecurity efforts. Our Vice President of IT has over 25 years of experience in IT systems, including cybersecurity risk management and incident response, and holds multiple industry-recognized certifications. Our Vice President of IT receives regular reports from the corporate IT Security Team, together with information provided by our third-party service organizations that support monitoring of aspects of the Company's IT environment, regarding the Company's material cybersecurity threats and risks and the processes the Company has implemented to address them, which information is reported, as appropriate, to the Chief Financial Officer.

Company Information