Nuvation Bio Inc. - (NUVB)
10-K Filing Date: February 29, 2024
Our cybersecurity risk management and strategy program consists of cybersecurity-related policies and procedures, industry standard technology solutions including antivirus, firewalls and monitoring tools, awareness training for all employees, periodic testing, and insurance coverage. We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third party hosted services, communications systems, hardware and software, and our critical data, including intellectual property and confidential information that is proprietary, strategic or competitive in nature.
The audit committee of our board of directors is responsible for oversight the Company’s cybersecurity risk. On the management-side, our head of information technology is responsible for integrating cybersecurity risk considerations into the Company’s overall risk management strategy, communicating key priorities to relevant personnel, approving budgets, helping prepare for cybersecurity incidents, approving cybersecurity processes, reviewing security assessments and other security-related reports, and retaining assessors, consultants, auditors, or third parties in connection with the company’s cybersecurity program.
Our assessment and management of material risks from cybersecurity threats are integrated into the Company’s overall risk management processes. For example, (1) cybersecurity risk is addressed as a component of the Company’s enterprise risk management program; (2) security management works with management to prioritize our risk management processes and mitigate cybersecurity threats that are more likely to lead to a material impact to our
76
business; (3) our management evaluates material risks from cybersecurity threats against our overall business objectives and reports to the audit committee of the board of directors, which evaluates our overall enterprise risk, and (4) we have a cybersecurity incident response plan to identify, assess, respond to, and inform escalating levels of management based on the nature and severity of such incidents.
We have not identified any material cybersecurity incidents to date.
For a description of the risks from cybersecurity threats that may materially affect the Company and how they may do so, see the section titled “Risk Factors” in Item 1A of this Annual Report on Form 10-K, including the risk factor titled “—Our internal computer systems, or those used by our CROs or other contractors or consultants, may fail or experience security breaches or other unauthorized or improper access.”