AGENUS INC - (AGEN)
10-K Filing Date: March 14, 2024
Cybersecurity Risk Management and Strategy
We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information.
We design and assess our program based on the Information Systems Audit and Control Association’s Control Objectives for Information Technologies framework and National Institute of Standards and Technology cybersecurity framework, as well as threat trends identified by multiple external and internal cybersecurity intelligence reports.
Our cybersecurity risk management program is aligned to our business strategy and has been incorporated into our enterprise risk management process.
We contract with external firms to assess our cybersecurity controls. We have processes in place to identify and evaluate risks associated with third party vendors and suppliers. In addition, we have systems in place to maintain business continuity and disaster recovery. To date, we have not experienced any material cybersecurity incidents.
We describe whether and how risks from cybersecurity threats are reasonably likely to affect our business, results of operations and financial condition, under the heading “Our internal computer systems, or those of our third-party CROs, CMOs, licensees, collaborators or other contractors or consultants, may fail or suffer security breaches, which could result in a material disruption in our business and operations or could subject us to sanctions and penalties that could have a material adverse effect on our reputation or financial condition.” included as part of our Item 1A. Risk Factors of this Annual Report on Form 10-K, which is incorporated by reference into this Item 1C.
Cybersecurity Governance
Our Audit Committee of the Board of Directors has oversight responsibility for risks and incidents related to cybersecurity threats. Our Chief Information Officer is a member of our Enterprise Risk Management Committee and provides the Audit Committee and the Board of Directors periodic reports on our cybersecurity risks and any material cybersecurity incidents.
Our team of cybersecurity professionals is led by our Chief Information Officer, who has over 20 years of experience in cybersecurity in regulated industries. Our cybersecurity team monitors the prevention and detection of cybersecurity events and is responsible for incident response and remediation.