Phio Pharmaceuticals Corp. 10-K Item 1C. Cybersecurity - 2026-03-05
Phio Pharmaceuticals Corp. disclosed their cybersecurity strategy, risk management and governance process in an annual SEC Filing 10-K filing on 2026-03-05 16:17:45 EST
Company Summary
Phio Pharmaceuticals Corp. is a clinical-stage biotechnology company developing INTASYL® siRNA-based immuno-oncology therapeutics designed to make immune cells more effective at killing tumor cells, with programs for intratumoral administration and adoptive cell therapy applications.
Filings
10-K filed on 2026-03-05
Phio Pharmaceuticals Corp. filed an SEC Filing 10-K filing on 2026-03-05 16:17:45 EST.
Accession Number: 0001437749-26-007078
Item 1C. Cybersecurity
Item 1C - Cybersecurity
##TABLE_END
We are increasingly dependent on sophisticated software applications and third-party hosted services to conduct our business operations. Our technology environment relies primarily on cloud-based systems operated by, third party providers as well as the systems, networks and technology of our contractors, consultants, vendors and other business partners.
Cybersecurity Risk Management Strategy
We maintain various information security processes to manage cybersecurity risks designed to support the security , reliability and resilience of our information systems. This program includes a number of safeguards, such as: continuous monitoring for internal and external threats, periodic evaluations of our cybersecurity program, including external reviews, benchmarking against industry standards and practices, periodic penetration testing and phishing simulations and cybersecurity awareness training for all employees. Our cybersecurity risk management processes are integrated into our overall information technology ("IT") processes. As part of our IT process, we identify, assess and evaluate risks impacting our operations across the Company, including those risks related to cybersecurity.
The controls and processes employed to assess, identify and manage material risks from cybersecurity threats are implemented and overseen by a managed information technology service provider working in coordination with our management. This provider has more than 20 years of experience in information technology and cybersecurity and holds industry-recognized certifications. The provider is responsible for the day-to-day administration of the cybersecurity program, including monitoring, threat prevention, detection, investigation, response to, and recovery from cybersecurity threats and incidents. The Company does not have a full-time dedicated cybersecurity position in the Company.
We use a risk-based approach with respect to our use and oversight of third -party service providers, tailoring processes according to the nature and sensitivity of the data accessed, processed, or stored by each service provider. We use a number of means to assess and manage cyber risks related to our third -party service providers, including conducting due diligence in connection with onboarding new vendors and using contractual provisions to address information security where applicable.
In the event of a cybersecurity incident, designated personnel are responsible for assessing the severity and potential impact of the incident, containing and remediating the threat, restoring data and system access as necessary, evaluating related reporting obligations associated with the incident, and performing post-incident analysis and reviews to identify opportunities for program enhancements. We also maintain relationships with a number of third-party service providers, insurance providers, and external legal counsel to assist with cybersecurity incident response and remediation efforts.
Although we have experienced phishing attempts during the past three years, we have not experienced any cybersecurity threats or incidents that have materially affected our business strategy, results of operations or financial condition nor are we aware of any such risks that are reasonably likely to have such a material effect. Cybersecurity incidents and threats continue to evolve, and despite our safeguards, we may not be able to anticipate, detect or prevent threats in a timely manner. For additional information, see "Item 1A--Risk Factors- Our business and operations would suffer in the event of a cybersecurity incident."
Governance
The Audit Committee of our Board is responsible for oversight of the Company's cybersecurity risk management and receives quarterly updates from our management regarding cybersecurity risks, significant cybersecurity incidents and cybersecurity initiatives and strategies. Our management also notifies our Board of significant cybersecurity incidents and provides updates on the incidents as well as cybersecurity risk mitigation activities as appropriate.
##TABLE_START
Company
Profile
| Name | Phio Pharmaceuticals Corp. |
|---|---|
| CIK | 1533040 |
| SIC Description | |
| Industry | |
| Ticker | PHIO |
| Website | |
| Category | Non-accelerated Filer |
| Fiscal Year End | December 31 |