Actinium Pharmaceuticals, Inc. - (ATNM)
10-K Filing Date: March 29, 2024
The Company operates in the biotechnology sector and is subject to various cybersecurity risks that could adversely affect the Company’s business, financial condition or results of operations, including intellectual property theft, fraud, extortion, harm to employees, collaborators or vendors, violation of privacy laws and other litigations, legal and reputational risk.
The Company acknowledges that an actual or perceived breach of its information assets could damage its reputation, interfere with the progress of clinical trials, or interfere with efforts to pursue regulatory approvals for its product candidates. The Company also recognizes that an actual or perceived breach of its information assets could impact the Company’s business strategy, operations, or financial condition, as well as subject Actinium to third–party lawsuits, regulatory fines or other actions or liabilities, any of which could adversely affect the Company. For further information, see “Risk Factors—Our business is subject to cybersecurity risks” in Item 1A of this Annual Report on Form 10–K.
Actinium’s Risk Management Strategy:
The Company recognizes the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard its information systems and protect the confidentiality, integrity, and availability of its data. With that objective, the Company undertook a focused cybersecurity assessment conducted by an independent cybersecurity advisory firm to better understand the current cybersecurity threats and risks necessary to establish the foundation of a cybersecurity risk assessment framework appropriate for its current business operations and needs.
The Company has also engaged well-known and established technology suppliers to support its key technology processes and operating technical security management activities including threat, vulnerability, and network security management.
The Company will continue to develop and implement its Cybersecurity Policy framework as part of its overall enterprise risk management. It will spell out the protection requirements in several key cybersecurity and technology areas such as managing risks arising from engaging with third parties.
The Company has established an Incident Response Policy and recovery plans to address its response to a cybersecurity incident, and such plans will be tested and evaluated on a regular basis. This includes continuous security operation centers monitoring of the Company’s systems and accounts.
The Company proactively mitigates its financial exposure to cybersecurity incidents by maintaining a cyber liability insurance policy. However, the Company’s cyber liability insurance may be inadequate or may not be available in the future on acceptable terms, or at all. In addition, the Company’s cyber liability insurance policy may not cover all claims made against the Company. Defending a suit, regardless of its merit, could be costly and divert management’s attention from the Company’s business and operations.
To date, Actinium has not experienced any material cybersecurity incident that affected the Company’s operations or financial condition.
Governance:
We rely on a multidisciplinary team including third-party service providers to assess how identified cybersecurity threats could impact our business. The Company’s cybersecurity function is managed by the Company’s Chief Financial Officer, who assumes the overall responsibility and accountability of the function and with select members of the Company’s management is collectively responsible for the day–to–day assessment and management of cybersecurity risks, their prevention, mitigation, detection, and remediation. Our Chief Financial Officer and other members of management have undergone various briefings from our cybersecurity advisory firm to prepare them to effectively assess and manage material risks from cybersecurity threats. Additionally, members of the third-party service providers have cybersecurity experience and/or certifications.
The Company’s Board will be involved in overseeing our risk management processes and policies that may be implemented from time to time. The audit committee will coordinate these activities through regular interactions with the Company’s management outlined above including but not limited to: presentations regarding recent developments, potential risks associated with third parties, emerging trends, any relevant findings or any incident that rises to the level of established thresholds.
The risk factors discussed in this document should be considered together with information included elsewhere in the Annual Report on Form 10–K and should not be considered as the only risks to which the Company is exposed.