BIO-PATH HOLDINGS INC - (BPTH)
10-K Filing Date: March 07, 2024
ITEM 1C. CYBERSECURITY
Risk Management and Strategy
We maintain standard procedures to help assess, identify and manage material risk posed by cybersecurity threats and regularly evaluate how we can integrate these procedures into our overall risk management processes. For example, we require that all of our employees who have access to our internal network complete formal cybersecurity training upon hire and on a periodic basis, including training on phishing, malware, and other cybersecurity risks. We also continuously evaluate our information technology
51
systems and our practices that relate to our information technology systems. To date, we have not engaged any assessors, consultants, auditors or other third parties in connection with these efforts but may elect to do so in the future.
To the extent we identify areas in our information systems that need improvement, we seek to timely implement and monitor such improvements. While we believe that we have taken appropriate security measures to protect our data and information technology systems, and have been informed by our third-party vendors that they have as well, there can be no assurance that our efforts will prevent breakdowns or breaches in our systems, or those of our third-party vendors, that could materially adversely affect our business and financial condition. For additional information regarding whether risks from cybersecurity threats are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition, see Item 1A, “Risk Factors,” in this Annual Report on Form 10-K.
Governance
One of the functions of our Board is to identify principal risks of the Company and ensure implementation of appropriate systems to manage these risks, including risks from cybersecurity threats. Our Board works with members of management to identify and manage these risks, including cybersecurity risks. We currently employ a qualified Director of Information Technology and Data Management Systems who reports to our Chief Executive Officer. This employee has over 20 years of experience with cybersecurity, information technology development and deployment and information technology risk assessment and management, including information security management.
Our information technology employee regularly monitors our information technology systems and monitors the prevention, detection, mitigation and remediation of cybersecurity incidents in consultation with our Chief Executive Officer. To the extent necessary, our Chief Executive Officer reports such risks to our Board.