Page last updated on July 16, 2024
Cibus, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-03-21 16:33:59 EDT.
Filings
10-K filed on 2024-03-21
Cibus, Inc. filed a 10-K at 2024-03-21 16:33:59 EDT
Accession Number: 0001628280-24-012546
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity. Risk Management and Strategy Cibus has processes designed to protect its information systems, data, assets, infrastructure, and computing environments from cybersecurity threats and risks while maintaining confidentiality, integrity, and availability practices. The Company’s cybersecurity team has dedicated personnel whose responsibilities include preventing and monitoring cybersecurity threats. The team has a cybersecurity incident response plan, which is a dynamic and flexible basic framework that includes processes designed to address interdiction and remediation, conducting initial investigations, gathering and analyzing data, reporting incidents to management, mitigating damage to the Company’s informational assets and infrastructure, restoring normal services and system integrity, and implementing actions designed to prevent future cybersecurity incidents. Cibus has established procedures to identify, assess, and manage risks across the business, including risks related to cybersecurity. The Company’s cybersecurity strategy includes risk management methodologies and analytics, which are designed to facilitate cyber resilience, minimize attack surfaces, and provide flexibility and scalability in its ability to address cybersecurity risks and threats. Organizational risk assessments help management to assess threats and identify and investigate potential vulnerabilities to make risk management decisions and assign resources to mitigate risk. The Company’s cybersecurity risk management strategy is incorporated into its business continuity plans, which include plans designed to address disaster recovery at its data centers and its holistic risk assessment procedures. Further, Cibus has a security awareness platform that provides its employees training on a variety of topics. Cibus engages external resources that contribute to and provide evaluation of, its existing cybersecurity practices and organizational risk assessment systems. Further, Cibus has processes designed to identify, assess, and manage third party service provider risks when third parties handle, possess, process, and store the Company’s material information. - 44 - Table of Contents As of the date of this Annual Report, Cibus does not believe that any past cybersecurity incidents have had, or are reasonably likely to have had, a material adverse effect on the Company’s business, operations, or financial condition. However, there can be no assurance that the Company’s cybersecurity processes will prevent or mitigate cybersecurity incidents or threats, and it is possible that these events may occur and could have a material adverse effect on the Company’s business, operations, or financial condition. See " Risk Factors-Risks Related to Cibus’ Organization and Operations-Cibus’ internal computer systems, or those of its third party contractors or consultants, may fail or suffer security breaches, which could result in a material disruption of Cibus’ operations. " under the heading “Risk Factors” of this Form 10-K. Governance The Company’s cybersecurity team is headed by its Director of Information Technology & Information Security, who works with the Company’s cybersecurity team to identify cybersecurity risks and who has been in the information technology and cybersecurity industry for over 25 years and holds numerous technical certifications and cybersecurity-related certificates. The team members report via its established cybersecurity triage and outage workflow to the Cibus Cyber Security Council, which consists of the Company’s CEO, President and COO, EVP and CSO, and members of the Company’s legal and human resources teams. The Company’s Cyber Security Council meets regularly to discuss the status of the cybersecurity program, emerging cybersecurity threats, long-term cybersecurity investments and strategies, and oversight of the Company’s cybersecurity program. The Company’s Cyber Security Council is also responsible for identifying, assessing, and managing the Company’s exposure to material risks from cybersecurity threats, including monitoring the prevention, detection, mitigation, and remediation of cybersecurity threats. The Company’s full Board of Directors oversees enterprise risks and has delegated oversight to the Audit Committee of the Cibus Board of the Company’s data privacy and cybersecurity risks and provides input on the Company’s cyber and information security strategy. The Council reports the status of the Company’s cybersecurity program to the Audit Committee and, periodically, to the Board. The Board and Audit Committee regularly review these reports and discuss policies with respect to cybersecurity and information technology risks, including how these risks are being identified, assessed, and managed.
Company Information
Name | Cibus, Inc. |
CIK | 0001705843 |
SIC Description | Agricultural Chemicals |
Ticker | CBUS - Nasdaq |
Website | |
Category | Non-accelerated filer Smaller reporting company |
Fiscal Year End | December 30 |