Tharimmune, Inc. - (THAR)

10-K Filing Date: February 23, 2024
ITEM 1C. CYBERSECURITY

 

We believe cybersecurity is critical to advancing our technological advancements. As a biopharmaceutical company, we face a multitude of cybersecurity threats that range from attacks common to most industries, such as ransomware and denial-of service. Our customers, suppliers, subcontractors, and business partners face similar cybersecurity threats, and a cybersecurity incident impacting us or any of these entities could materially adversely affect our operations, performance, and results of operations. These cybersecurity threats and related risks make it imperative that we expend resources on cybersecurity.

 

Our Board of Directors oversees management’s processes for identifying and mitigating risks, including cybersecurity risks, to help align our risk exposure with our strategic objectives. Senior leadership, including our cybersecurity consultant, regularly briefs the Board of Directors on our cybersecurity and information security posture and the Board of Directors is apprised of cybersecurity incidents deemed to have a moderate or higher business impact, even if immaterial to us. The full Board retains oversight of cybersecurity because of its importance. In the event of an incident, we intend to follow our detailed incident response playbook, which outlines the steps to be followed from incident detection to mitigation, recovery, and notification, including notifying functional areas (e.g., legal), as well as senior leadership and the Board, as appropriate. Our Cybersecurity consultant has extensive information technology and program management experience. We have implemented a governance structure and processes to assess, identify, manage, and report cybersecurity risks.

 

As a biopharmaceutical company, we must comply with extensive regulations, including requirements imposed by the Federal Drug Administration related to adequately safeguarding patient information and reporting cybersecurity incidents to the SEC. We work with our cybersecurity consultant on assessing cybersecurity risk and on policies and practices aimed at mitigating these risks. We believe we are positioned to meet the requirements of the SEC. In addition to following SEC guidance and implementing pre-existing third party frameworks, we have developed our own practices and frameworks, which we believe enhance our ability to identify and manage cybersecurity risks. Third parties also play a role in our cybersecurity. We engage third-party services to conduct evaluations of our security controls, whether through penetration testing, independent audits, or consulting on best practices to address new challenges. Assessing, identifying, and managing cybersecurity related risks are factored into our overall business approach.

 

We rely heavily on our supply chain to deliver our products and services, and a cybersecurity incident at a supplier, subcontractor or business partner could materially adversely impact us. We require that our subcontractors report cybersecurity incidents to us so that we can assess the impact of the incident on us. Notwithstanding the extensive approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us. While we maintain cybersecurity insurance, the costs related to cybersecurity threats or disruptions may not be fully insured. See “Risk Factors” for a discussion of cybersecurity risks.