We have implemented and maintain a cybersecurity risk management program that includes processes for the identification, assessment, and mitigation of cybersecurity risks. We conduct annual cybersecurity training for all of our employees and periodically engage third-party consultants to conduct penetrating testing and vulnerability assessments. Additionally, we use automated tools designed to monitor, identify, and address cybersecurity risks. Further, we have a process to evaluate and review the cybersecurity practices of our key vendors prior to onboarding, including through a general security assessment and contractual requirements, as appropriate.

We face a number of cybersecurity risks in connection with our business. Although such risks have not materially affected us, including our business strategy, results of operations or financial condition, to date, we have, from time to time, experienced threats to and breaches of our data and systems, including malware and computer virus attacks. For more information about the cybersecurity risks we face, see the risk factor entitled “Our internal computer systems, or those used by our third-party research institution collaborators, CROs or other contractors or consultants, may fail or suffer security breaches” in Item 1A- Risk Factors.

Governance Related To Cybersecurity Risks

Our cybersecurity process is overseen by our Information Technology department, which is managed by our Head of IT. The Head of IT role is currently held by an individual who has approximately two decades of professional IT management experience. In addition, our Security Leadership Team (SLT), which is comprised of the Head of IT as well as leaders from our operations, finance, and legal departments, is responsible for documenting, reviewing, and assessing our cybersecurity processes, monitoring for cybersecurity incidents, and periodically reporting on cybersecurity risks and risk management to a committee of our executive team (Executive Committee). The Executive Committee, which is led by our Chief Financial Officer, undertakes reviews of our cybersecurity program and assesses any security incident updates from the SLT on a quarterly basis.

The Executive Committee meets with the Audit Committee of our Board of Directors on a quarterly basis to report on and discuss material updates to our cybersecurity program. The Audit Committee provides oversight of our cybersecurity program as part of its periodic review of enterprise risk management and provides regular reports to our Board of Directors regarding our cybersecurity processes, including updates on the status of ongoing cybersecurity projects, the results of cybersecurity risk assessments, and the emerging cybersecurity threat landscape. Additionally, the Board of Directors reviews the enterprise risk management program on at least an annual basis.