Acorda Therapeutics, Inc. - (ACOR)

10-K Filing Date: April 01, 2024
Item 1C. Cybersecurity.

Risk Management and Strategy

We have developed a cybersecurity program intended to protect the confidentiality, integrity and availability of our systems, data, and products. Our cybersecurity program includes a variety of processes to assess, identify and manage risks from cybersecurity threats arising from our own and third-party provided systems, including customized annual training requirements, threat monitoring and detection tools, threat containment methods, risk assessments, and security requirements for our suppliers and other third parties. We assess third party cybersecurity controls through a cybersecurity questionnaire and include security and privacy addenda to our contracts where applicable. At least annually, we undertake several assessments to evaluate our cybersecurity controls.

Management has established an incident response plan designed to assess, identify and manage risks from cybersecurity threats and enable prompt response in the event that a cybersecurity incident is detected. We have a process in place for notification to our leadership response team in the event of a significant cyber incident, and for escalation of these events to our Audit Committee and Board, as appropriate. To date, we have not experienced a cybersecurity incident that has had a material impact on our business strategy, results of operations, or financial condition.

Governance

The Audit Committee of the Board of Directors oversees our cybersecurity program. It considers cybersecurity risk individually and within our overall risk management framework. We obtain periodic assessments of our information technology systems, including cybersecurity, the results of which assessments are reported to the Audit Committee. During meetings, our Vice President, Information Technology and executive leadership updates the committee on Acorda’s cybersecurity posture, potential threats and risk mitigation strategies, and the progress of the Company’s cybersecurity initiatives, as appropriate. The Chair of the Audit Committee and management provide regular briefings on such matters to the full Board of Directors, as appropriate.

66


 

Our Vice President, Information Technology is primarily responsible for leading our cybersecurity program through our information technology team. Our Vice President, Information Technology has over 20 years of experience in information technology, and regularly reports on cybersecurity matters to our Audit Committee. Our Vice President, Information Technology reports directly to our Chief Financial Officer, who is a member of our executive leadership team and reports directly to our Chief Executive Officer. As of December 31, 2023, our Information Technology team consisted of team members and contractors, many of whom have advanced degrees and cybersecurity-related industry certifications. Under the direction of our Vice President, Information Technology, we monitor developments that could affect our long-term organizational cybersecurity strategy based on threats globally and to continually enhance our cybersecurity program in response to such developments.