Korro Bio, Inc. - (KRRO)

10-K Filing Date: March 26, 2024
Item 1C. Cybersecurity

Cybersecurity Risk Management and Strategy

We recognize the importance of assessing, identifying, and managing risks from cybersecurity threats. We have implemented a cybersecurity risk management process in accordance with our risk profile and business that is informed by industry standards and is integrated into our enterprise risk management process.

 

95


 

We leverage the support of third-party information technology and security providers, including for periodic security testing and risk assessments, as part of our risk management process, designed to identify, assess, and manage cybersecurity risks. We conduct employee cybersecurity training and maintain an incident response and notification plan designed to assist us in identifying, responding to, and recovering from cybersecurity incidents. Further, we intend to evaluate and update our existing cybersecurity policies and procedures as appropriate to continue to align them to our risk profile.

We have a process to assess the security practices of certain third-party vendors, including through the use of vendor security questionnaires, as appropriate.

Although risks from cybersecurity threats have to date not materially affected us, our business strategy, results of operations or financial condition, we have, from time to time, experienced threats to and breaches of our and our third party vendors’ data and systems. For more information about these risks, see Item 1A “Risk Factors—Risks Related to Our Business.”

Governance Related to Cybersecurity Risks

Our Vice President, Information Technology, or Vice President, who reports to the Chief Operating Officer, is responsible for the strategic leadership and direction of our cybersecurity program. With over 20 years of experience in information technology, the Vice President works alongside individuals across other functions, such as legal and engineering, to establish and implement our cybersecurity strategy.

The Vice President and our Chief Operating Officer and General Counsel participate in periodic discussions with other members of our management, including executive leadership, regarding implementation of our cybersecurity program, program enhancements, and relevant cybersecurity risks or threats.

Our audit committee has oversight over cybersecurity risks. With the input of the executive team, the Vice President provides annual presentations to the audit committee on our cybersecurity program, including updates on cybersecurity testing and assessments, cybersecurity risks, and related cybersecurity strategy as applicable. The management team will also update the full board of directors on matters related to cybersecurity as needed.

Additionally, we have implemented an enterprise risk management process, which addresses cybersecurity risks. This process is led by our General Counsel and includes participation by the board of directors, as appropriate. Our General Counsel reports regularly on the enterprise risk management process to executive leadership and the audit committee.