NEOGENOMICS INC 10-K Cybersecurity GRC - 2025-02-18

Page last updated on February 18, 2025

NEOGENOMICS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-18 16:16:39 EST.

Filings

10-K filed on 2025-02-18

NEOGENOMICS INC filed a 10-K at 2025-02-18 16:16:39 EST
Accession Number: 0001077183-25-000028

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Cybersecurity Risk Management and Strategy We have developed and implemented a cybersecurity and information security risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. We regularly assess risks from cybersecurity threats; monitor our information systems for potential vulnerabilities; and test those systems pursuant to our cybersecurity policies, processes, and practices, which are integrated into our overall risk management program. To ensure the continued effectiveness of our information security controls, we regularly engage both internal and external experts to evaluate our program. The results of these evaluations are reviewed by senior management and reported to the Board. In addition, we proactively collaborate with key vendors, industry peers, and relevant government and law enforcement entities to remain informed about new threats and best practices. This integrated approach enables us to continuously refine our cybersecurity posture, helping protect the confidentiality, integrity, and availability of our systems and data, as well as evaluate and mitigate the risk of threats from third parties. To date, the Company is not aware of any cybersecurity threats, including any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition. However, as discussed under the heading " We depend on information technology systems and maintain protected personal data, and a cyber-attack or other breach affecting these information technology systems or protected data could have a material adverse effect on our results of operations " in Part I, Item 1A, “Risk Factors,” the Company remains subject to evolving cybersecurity risks that could have adverse impacts. NEOGENOMICS, INC. Cybersecurity Governance and Oversight Consistent with our overall risk management governance structure, management is responsible for the day-to-day management of cybersecurity risk while our Board and its Audit Committee play an active, ongoing oversight role. Our information security program is overseen by the Chief Information Security Officer (“CISO”) , who is responsible for establishing and executing our enterprise-wide cybersecurity strategy, policies, standards, architecture, and associated processes. The CISO has over 20 years of experience in technology and information security, including extensive leadership experience in the biotechnology and laboratory sectors, and possesses the requisite education, skills, experience, and industry certifications expected of an individual assigned to these duties. The CISO provides periodic updates on our cybersecurity risk profile to management’s Technology Risk Management Committee and the Audit Committee of our board of directors. The CISO provides periodic updates to the Audit Committee, the full Board of Directors (the " Board “), our Chief Executive Officer, and other members of senior management, as appropriate. These updates typically address: - Evolving cyber risks and threats; - Progress on strategic initiatives to safeguard our information systems; - Cyber incident response preparedness and capabilities; - Findings from assessments of our information security program; and - Insights into the emerging threat landscape.

Company Information