Xenetic Biosciences, Inc. - (XBIO)

10-K Filing Date: March 21, 2024
ITEM 1C – CYBERSECURITY

 

Risk management and strategy

 

We, through our third-party provider that manages our information technology systems and networks, maintain policies and processes for assessing, identifying, and managing material risk from cybersecurity threats, and have integrated these processes into our overall risk management systems and processes. Primary responsibility for assessing, monitoring and managing our cybersecurity risks rests with the Chief Financial Officer, who manages the Company’s overall risk assessment and mitigation process.

 

In addition to monitoring cybersecurity threats to the Company’s information systems, the Company’s risk management practices are intended to help monitor, mitigate and prevent cybersecurity risks from external sources. We operate as a virtual company and maintain vital information, including financial and payroll information, on servers owned and maintained by our vendors. As such, we rely on the internal controls of our third-party vendors to protect our vital information. We obtain and review reports on the internal controls of our vendors on an annual basis to ensure that we believe their cybersecurity procedures are adequate and to confirm that there have been no data breaches affecting our information.

 

We engage third-party services in connection with our cybersecurity risk assessment processes. These service providers assist us in designing and implementing our cybersecurity policies and procedures, as well as in monitoring and testing our safeguards. Our managed information technology service provider monitors and alerts us to cybersecurity threats and potential breaches. Our managed information technology service provider has the ability to implement and maintain appropriate security measures, consistent with all applicable laws, to implement and maintain reasonable security measures in connection with their work with us, and to promptly report any suspected breach of its security measures that may affect our company. Employee training and phishing campaigns are conducted every year. The Company’s employees are expected to help safeguard the Company’s information systems and to assist in the discovery and reporting of cybersecurity incidents.

 

Although we may face a number of cybersecurity risks in connection with our business, we have not experienced any cybersecurity threats, incidents, or challenges that have materially affected, or are reasonably likely to materially affect, our business strategy, results of operations, or financial condition. For additional information regarding risks from cybersecurity threats, please refer to Item 1A, “Risk Factors,” in this annual report on Form 10-K.

 

Governance

 

One of the key functions of our board of directors is informed oversight of our risk management process, including risks from cybersecurity threats. Our board of directors is responsible for monitoring and assessing strategic risk exposure, and our executive officers, with assistance from third-party consultants or advisors as appropriate, are responsible for the day-to-day management of the material risks we face. Our Chief Financial Officer oversees our cybersecurity risk assessment and mitigation process, and is responsible for the timely reporting of any material cybersecurity incident or threat, as well as any other cybersecurity related risks, to our board of directors.

 

 

 
