Protagonist Therapeutics, Inc 10-K Cybersecurity GRC - 2025-02-21

Page last updated on February 21, 2025

Protagonist Therapeutics, Inc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-21 16:36:59 EST.

Filings

10-K filed on 2025-02-21

Protagonist Therapeutics, Inc filed a 10-K at 2025-02-21 16:36:59 EST
Accession Number: 0001558370-25-001317

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity In the ordinary course of our business, we collect, use, store, and transmit confidential, sensitive, proprietary, and personal information. The secure maintenance of this information and our IT systems is important to our operations and business strategy. We understand the growing challenges associated with cybersecurity threats and have established a strong cybersecurity program intended to continue to monitor and improve our cybersecurity posture . Risk Management Approach We have documented cybersecurity policies and standards, and we assess risks from cybersecurity threats and monitor information systems for potential cybersecurity issues. These processes are managed and monitored by a dedicated cybersecurity team, including third-party service providers, and led by our Head of IT, and include mechanisms, controls, technologies, systems, and other processes designed to help prevent or mitigate data loss, theft, misuse, or other security incidents or vulnerabilities affecting the data and help maintain a stable information technology environment. For example, we use processes, tools and external services to conduct regular vulnerability testing, penetration testing, data recovery testing, security audits, and ongoing risk assessments, including due diligence on and audits of our key technology vendors, CROs, and other contractors and suppliers . We work to maintain a strong cybersecurity posture through a multi-layered approach. Our endpoint detection and response (“EDR”) system helps monitor and analyze endpoint devices, and is designed to assist us in quickly identifying and responding to emerging threats. Complementing our EDR capabilities, our managed detection and response service assists with threat monitoring, proactive threat hunting, and rapid incident response. Furthermore, we employ data loss prevention tools to help enforce strict data security policies, prevent unauthorized access and protect the transmission of sensitive information. These integrated technologies help us to detect, mitigate, and respond to cyber threats, with the goal of minimizing potential disruptions to our business operations. We have an incident response plan designed to help quickly detect, contain and remediate cybersecurity incidents. This plan outlines clear escalation procedures, roles and responsibilities to help us respond in a timely manner to potential threats. We also conduct regular employee training on matters such as phishing and email security best practices, among other topics. In addition, we consult with outside advisors and experts when appropriate to assist with assessing, identifying, and managing cybersecurity risks, including to help anticipate future threats and trends, and their impact on our risk environment. Governance Our current Head of IT reports directly to our Chief Financial Officer and has over twenty years of experience managing information technology and cybersecurity matters, holds a Master of Science degree in Telecommunications and Computer Networks and is Project Management Professional, Certified Scrum Master and IT Infrastructure Library certified. We have established a cybersecurity council, facilitated by the Head of IT, which includes senior leadership from various departments. The council meets quarterly to review cybersecurity strategies, assess emerging threats, and receive updates on regulatory and industry best practices . Our Board as a whole has oversight for the most significant risks facing us and for our processes to help identify, prioritize, assess, manage, and mitigate those risks, including oversight of cybersecurity risks. Our Board receives at least two updates each year on cybersecurity and information technology matters and related risk exposures from our Head of IT as well as other members of our senior leadership team. We consider cybersecurity, along with other significant risks that we face, within our overall enterprise risk management framework. Since the beginning of the last fiscal year, we have identified and mitigated certain known cybersecurity threats, which we determined are not reasonably likely to materially affect us and have strengthened our cybersecurity ecosystem. However, cybersecurity attack techniques change frequently, and with increased volume and sophistication of such attacks, there can be no guarantee that we will not be the subject of future successful attacks, threats or incidents that could materially affect us. Additional information on the cybersecurity risks we face is discussed in Part I, Item 1A, “Risk Factors - Significant disruptions of information technology systems or cybersecurity incidents could adversely affect our business.”

Company Information