Finch Therapeutics Group, Inc. - (FNCH)
10-K Filing Date: March 25, 2024
In the ordinary course of our business, we and our third-party service providers collect, maintain and transmit sensitive data on our networks and systems, including with respect to our intellectual property and proprietary or confidential business information (such as research data and personal information). The secure maintenance of this information is critical to our business and reputation. In addition, we are dependent on the functioning of our information technology infrastructure to carry out our business processes. While we have adopted administrative, technical and physical safeguards to protect such systems and data, our systems and those of third-party service providers may be vulnerable to a cyber-attack.
We have adopted processes designed to identify, assess and manage material risks from cybersecurity threats. Those processes include responding to internal and external threats to the security, confidentiality, integrity and availability of our data and information systems. We may detect potential vulnerabilities and anomalies through our technical safeguards and we have adopted policies relating to the notification of and response to cybersecurity incidents.
We rely on third parties, including cloud vendors, for various business functions. Our third-party services providers have access to our information systems and data, and we rely on such third parties for the continuous operation of our business operations. We oversee third-party service providers by conducting diligence when onboarding vendors. Vendors are assessed for risk based on the nature of their service, and access to our data and systems and, based on that assessment, we may conduct additional diligence including security questionnaires and other technical evaluations.
Our Board of Directors has established oversight mechanisms to manage risks from cybersecurity threats. Our Audit Committee has primary responsibility for oversight of cybersecurity. Our Audit Committee will report from time to time, as necessary, to the Board on these matters. At the management level, our cybersecurity program is managed by our Chief Executive Officer, who reports to the Board, with the assistance of a third-party vendor.
Although we have experienced minor cybersecurity incidents in the past, as of the date of this report, we have not experienced a cybersecurity incident that resulted in a material effect on our business strategy, results of operations, or financial condition. Despite our continuing efforts, we cannot guarantee that our cybersecurity safeguards will prevent breaches or breakdowns of our or our third-party service providers’ information technology systems, particularly in the face of continually evolving cybersecurity threats and increasingly sophisticated threat actors. A cybersecurity incident may materially affect our business, results of operations or financial condition, including where such an incident results in reputational, competitive or business harm, loss of intellectual property rights, significant costs or the Company being subject to government investigations, litigation, fines or damages. For more information, see “Our internal computer systems, or those of any of our current or future collaborators and strategic partners or other contractors or consultants, may fail or suffer security breaches, which could result in a significant disruption and our ability to operate our business effectively.”