Theriva Biologics, Inc. - (TOVX)
10-K Filing Date: March 25, 2024
We maintain a cyber risk management program designed to identify, assess, manage, mitigate, and respond to cybersecurity threats.
Theriva has not, to date, been subject to any cybersecurity incidents resulting in a material adverse effect on the Company; however, future cyber incidents may occur and the Company has implemented processes to manage, mitigate, and respond to cybersecurity threats. We maintain policies and controls over areas such as information security, access on/offboarding, and access and account management, to help govern the processes put in place by management designed to protect our IT assets, data, and services from threats and vulnerabilities. We partner with third-party information technology (“IT”) providers leveraging third-party technology and expertise. These partners, including consultants and other third-party service providers, are a key part of Theriva’s cybersecurity risk management strategy and infrastructure and provide services including, maintenance of an IT assets inventory, periodic vulnerability scanning, identity access management controls including restricted access of privileged accounts, network integrity safeguarded by employing web-based software, including endpoint protection, endpoint detection and response, and remote monitoring management on all devices, industry-standard encryption protocols, critical data backups, infrastructure maintenance, incident response,, and cyber risk advisory, assessment and remediation.
As part of its review of the adequacy of our system of internal controls over financial reporting and disclosure controls and procedures, management and the Audit Committee oversees cybersecurity risk exposures and the steps taken by management to monitor and mitigate cybersecurity risks. Theriva’s management team is responsible for oversight and administration of cybersecurity risk management strategies, and for informing the Board and other relevant stakeholders regarding the prevention, detection, mitigation, and remediation of cybersecurity incidents. In addition, cybersecurity risks are reviewed by our Board of Directors at least annually, as part of the Company’s corporate risk oversight processes.
We face risks from cybersecurity threats that could have a material adverse effect on our business, financial condition, results of operations, cash flows or reputation. Theriva acknowledges that the risk of cyber incident is prevalent in the current threat landscape and that a future cyber incident may occur in the normal course of its business. We proactively seek to detect and investigate unauthorized attempts and attacks against our IT assets, data, and services, and to prevent their occurrence and recurrence where practicable through changes or updates to internal processes and tools and changes or updates to service delivery; however, potential vulnerabilities to known or unknown threats will remain. Further, there is increasing regulation regarding responses to cybersecurity incidents, including reporting to regulators, investors, and additional stakeholders, which could subject us to additional liability and reputational harm. In response to such risks, we have implemented initiatives such as implementation of the cybersecurity risk assessment process and development of an incident response plan. See Item 1A. "Risk Factors" for more information on cybersecurity risks.
59