PepGen Inc. 10-K Cybersecurity GRC - 2026-03-04

Page last updated on March 4, 2026

PepGen Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-03-04 16:15:51 EST.

Filings

10-K filed on 2026-03-04

PepGen Inc. filed a 10-K at 2026-03-04 16:15:51 EST
Accession Number: 0001193125-26-091536

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Cyber Risk Management and Strategy We have processes for assessing, identifying, and managing cybersecurity risks, which are built into our information technology function and are designed to help protect our information assets and operations from internal and external cyber threats, protect employee and clinical trial information from unauthorized access or attack, as well as secure our networks and systems. Such processes include physical, procedural, and technical safeguards, and routine review of our policies and procedures in an effort to identify risks and refine our practices. We engage an established IT managed service provider, with expertise in the life science industry, as well as additional external parties, to enhance our cybersecurity oversight , under the management and oversight of our Vice President of IT. In an effort to deter and detect cyber threats, we perform annual phishing tests with employees. We also require annual cybersecurity and prevention training for employees, which may cover topics such as social engineering, phishing, password protection, confidential data protection, and mobile security, and is designed to educate employees on incident reporting. We also use technology-based tools, including third-party tools and solutions, designed to detect and mitigate cybersecurity risks, protect our information technology infrastructure and digital assets, and bolster our employee-based cybersecurity programs. To date, we have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition; however, like other companies in our industry, we and our third-party vendors may, from time to time, experience threats and security incidents relating to our and our third-party vendors' information systems. For more information, see " Risk Factors-Risks Related to Employee Matters, Managing Growth and Other Operational Matters -Our internal information technology systems, or those of our vendors, collaborators or other contractors or consultants, may fail or suffer security breaches, loss or leakage of data and other disruptions or compromise, which could result in a material disruption of our product development programs, compromise sensitive information related to our business or prevent us from accessing critical information, or trigger contractual and legal obligations, potentially exposing us to liability, reputational harm or otherwise adversely affecting our business and financial results. " Governance Related to Cybersecurity Risks Our audit committee of the board of directors, or the Audit Committee, is responsible for overseeing cybersecurity risk , pursuant to the Audit Committee charter, and periodically updates our board of directors on such matters. The Audit Committee receives periodic updates from management and our Vice President, Information Technology regarding cybersecurity matters. We have a process for the Audit Committee to be notified between such updates in the event of any significant new cybersecurity threats or incidents . Management is responsible for, and is forming a committee tasked with, the operational oversight of company-wide cybersecurity strategy, policy, and standards across relevant departments to assess and help prepare us to address cybersecurity 94 risks. Our Vice President, Information Technology, supported by management, oversees the day-to-day implementation and management of our cybersecurity program. Our Vice President, Information Technology, who operates as our head of information technology, reports to the Chief Financial Officer. Our Vice President, Information Technology has over 20 years of experience in information technology and also leverages the experience of the third-party IT managed service provider. Our VP, Information Technology regularly reports to the Chief Financial Officer as well as to other executive management, including our General Counsel, on cyber matters, as appropriate .

Company Information