AVENUE THERAPEUTICS, INC. - (ATXI)
10-K Filing Date: March 18, 2024
Cybersecurity Risk Management and Strategy
We have established certain processes for identifying, evaluating, and managing material risks from cybersecurity threats as a part of our overall technology management strategy. These processes are designed and reassessed on a periodic basis to help protect our technology assets and operations from internal and external security threats. We also engage with third parties, including consultants, to enhance our security processes.
We have previously engaged and currently engage third parties to assess the effectiveness of our cybersecurity and technology management strategy and continue to seek to implement new, and improve existing, processes regularly to adjust for changes in technology, internal or external threats, business strategy, and regulatory requirements. We, and our third parties, have deployed managed detection and response services to monitor our technology infrastructure and information systems for possible threats. Our technology management strategy also includes ongoing security training and education for employees regarding threats, including their role and responsibility in detecting and responding to such threats.
We review the processes of our third party vendors and consider their ability to adhere to relevant industry practices and maintain adequate technology risk programs. In addition, we maintain cyber and cyber-related crime insurance coverage policies as part of our overall risk management strategy, however, our policies may not be sufficient to cover against all potential future claims, if any.
In the last two fiscal years, we have not identified cybersecurity threats that have materially affected, or are reasonably likely to materially affect, our business, results of operations, or financial condition. Although we proactively attempt to prevent all threats, we are unable to eliminate all risk from cybersecurity threats or provide assurance that we have not experienced an undetected cybersecurity incident. For more information about these risks, please see Item 1A. Risk Factors “Our business and operations would suffer in the event of computer system failures, cyber-attacks, or deficiencies in our or third parties’ cybersecurity”.
Cybersecurity Governance
While our Board of Directors is responsible for oversight and risk management in general, our Audit Committee provides oversight of our technology management strategy to ensure that cybersecurity threats and risks are identified, evaluated, and managed. The Audit Committee receives periodic updates from our management team regarding the overall state of our technology management strategy and any relevant risks from cybersecurity threats and cybersecurity incidents.
Our management team is responsible for assessing and managing the material risks from cybersecurity threats. Our management team members have expertise in information systems, compliance and corporate governance, which we believe are disciplines that are effective in the management of the Company’s cybersecurity risk. Our management team is informed of and monitors the prevention, detection, and mitigation of cybersecurity threats and incidents.