BridgeBio Oncology Therapeutics, Inc. 10-K Cybersecurity GRC - 2026-03-05

Page last updated on March 5, 2026

BridgeBio Oncology Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-03-05 16:40:06 EST.

Filings

10-K filed on 2026-03-05

BridgeBio Oncology Therapeutics, Inc. filed a 10-K at 2026-03-05 16:40:06 EST
Accession Number: 0001193125-26-094112

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cy bersecurity Our cybersecurity risk management program includes a number of components, such as information security program assessments and ongoing monitoring of critical risks from cybersecurity threats using automated tools. We periodically engage third parties to conduct risk assessments and testing of our systems, including penetration testing and other vulnerability analyses. Additionally, we have implemented an employee education program that is designed to raise awareness of cybersecurity threats, including risks posed by phishing attempts. We have implemented a process for this training to be included during the employee onboarding process and periodically thereafter. Our approach is designed to protect the confidentiality, integrity, and availability of our critical information systems and data, including intellectual property and confidential information. As part of our cybersecurity risk management program, we maintain processes to assess and review the cybersecurity practices of third-party vendors and service providers . Our process includes a security assessment informed by vendor questionnaires and contractual security requirements related to data privacy for certain vendors. We, like other companies in our industry, face a number of cybersecurity risks in connection with our business. Although our business strategy, results of operations, and financial condition have not, to date, been materially affected by risks from cybersecurity threats, including as a result of previously identified cybersecurity incidents, we have, from time to time, experienced threats to and security incidents related to our data and systems, including phishing attacks and attacks to the security of the systems of our third-party vendors and service providers. We conduct periodic risk assessments to identify potential internal and external cybersecurity threats. These assessments evaluate the likelihood of occurrence and potential impact of such threats, as well as the adequacy of our existing policies, procedures, systems, and controls. The Board oversees our cybersecurity risk management process, and the Audit Committee has the authority and power to provide specific oversight of cybersecurity matters. Our IT Director, who has extensive experience in information systems and cybersecurity, leads our cybersecurity strategy, policy, standards, architecture, and processes . The IT Director reports to the Chief Financial Officer ("CFO"). The CFO provides regular updates to the Board, Audit Committee, and executive management on the status of our cybersecurity posture and any material threats . Our cybersecurity program employs industry-standard methodologies to manage cybersecurity risks, including secure network infrastructure design, continuous security updates, and automated alerts for suspicious activities. We also conduct regular training for employees at all levels on cybersecurity awareness and the protection of confidential information. In the event of a cybersecurity incident, our incident response process is designed to detect, respond to and mitigate the impact. Significant incidents are escalated to a team of business leaders, including our Chief Executive Officer and CFO, who work with our incident response team to assess and address the situation. The Audit Committee oversees management's response to significant incidents and ensures compliance with disclosure requirements. To maintain high security standards, we leverage third-party tools and services that adhere to industry best practices, including multi-layer authentication. Despite our efforts, we acknowledge that cybersecurity threats are constantly evolving, and we remain vigilant in protecting our information systems and data. The Board oversees our cybersecurity risk management process, and the Audit Committee has the authority and power to provide specific oversight of cybersecurity matters.

Company Information