INTENSITY THERAPEUTICS, INC. - (INTS)

10-K Filing Date: March 14, 2024
Item 1C. Cybersecurity

Risk Management and Strategy
The Company is a late-stage clinical biotechnology company committed to applying scientific leadership in the field of localized cancer reduction leading to anti-cancer immune activation. Currently, management has not adopted a formal cybersecurity risk management program or process for assessing cybersecurity risk. Management assesses material risks from cybersecurity threats on an ongoing basis, including any potential unauthorized access to or occurrence on or conducted through the Company’s information systems that may result in adverse effects on the confidentiality, integrity, or availability of information systems or any information residing therein. To this end, the Company utilizes an outsourced information technology consultant to implement systems and procedures designed to reduce, respond to and monitor for cybersecurity threats and vulnerabilities. The outsourced information technology consultant conducts proactive patching and monitoring of all of our existing systems and has implemented systems and procedures to mitigate cybersecurity risks that the Company believes are appropriate for a company of our size, stage of growth and financial condition. In addition, the Company carries insurance with coverage for cyber events that it believes is suitable for a company of our size, stage of growth and financial condition.
76

As of the date of this Annual Report on Form 10-K, the Company is not aware of any cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected the Company, including the Company’s business strategy, results of operations or financial condition.
Governance
Management is responsible for the day-to-day management of the risks we face, while our Board of Directors as a whole has responsibility for the oversight of risk management, including as to material risks from cybersecurity threats. In its risk oversight role, the Company’s Board of Directors has the responsibility to satisfy itself that the risk management processes designed and implemented by management are appropriate and functioning as designed. The Board of Directors has delegated to the Audit Committee of the Board of Directors the responsibility for the oversight of information technology (including cybersecurity) risks. In general, the Company seeks to address cybersecurity risks through a cross-functional approach that is focused on preserving the confidentiality, integrity, and availability of the information that it collects and stores by identifying, preventing, and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur.