uniQure N.V. 10-K Cybersecurity GRC - 2025-02-27

Page last updated on February 27, 2025

uniQure N.V. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-02-27 08:45:34 EST.

Filings

10-K filed on 2025-02-27

uniQure N.V. filed a 10-K at 2025-02-27 08:45:34 EST
Accession Number: 0001558370-25-001699

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C, Cybersecurity , in this Annual Report on Form 10-K for more information regarding our cybersecurity risk management, strategy and governance. If securities or industry analysts do not publish, cease to publish or publish inaccurate or unfavorable research about our business, our share price and trading volume could decline . The trading market for our ordinary shares depends in part on the research and reports that securities or industry analysts publish about us or our business. We do not control these analysts, or the content and opinions included in their reports. If one or more of the analysts who cover us downgrades our ordinary shares or publishes inaccurate or unfavorable research about our business, our ordinary share price could decline. If one or more of these analysts ceases coverage of our company or fails to publish reports on us regularly, demand for our shares could decrease, which might cause our share price and trading volume to decline. If we do not achieve our projected development and financial goals in the timeframes we announce and expect, the commercialization of our product candidates may be delayed and, as a result, our share price may decline. We estimate the timing of the accomplishment of various scientific, clinical, regulatory, and other product development goals, along with financial and other business-related milestones. From time to time, we publicly announce the expected timing of some of these milestones along with guidance as to our cash runway. These milestones may include the commencement or completion of scientific studies, clinical trials, the submission of regulatory filings and interactions with regulatory authorities, along with expected regulatory approval timelines for our product candidates. These milestones are based on a variety of assumptions that may prove to be untrue. The timing of our actual achievement of these milestones can vary dramatically compared to our estimates, in many cases for reasons beyond our control. If we do not meet these milestones, including those that are publicly announced, the development and commercialization of our products may be delayed, our business could suffer reputational harm and, as a result, our share price may decline. Environmental sustainability and social initiatives that we undertake may impose additional costs on our business and expose us to new risks. Concern over the impact of climate change may result in new or additional legislative and regulatory requirements to reduce or mitigate its effects on the environment, which could result in increased expenses and expenditure of company resources as we seek to comply with such requirements. More broadly, there has been increasing public focus by shareholders, patients, activists, the media, governmental and non-governmental organizations and other constituencies on a variety of environmental, social and other sustainability matters, resulting in new and pending international agreements and national, regional, and local legislation, regulatory measures, public reporting obligations and potential policy changes across jurisdictions. We may experience pressure in some of the countries in which we operate to make commitments with respect to our greenhouse gas emissions as well as other sustainability-focused matters. These agreements and measures, including the Paris Climate Accord, may require, or could result in future legislation, regulatory measures or policy changes that would require operational changes, taxes, or purchases of emission credits to reduce emission of greenhouse gases from our operations, including new reporting requirements for businesses operating in the European Union, which may require the that we dedicate additional capital and personnel resources toward compliance with these measures. If we fail to comply with new laws, regulations or reporting requirements, our reputation and business could be harmed. Furthermore, increasing attention on environmental and sustainability matters has resulted in governmental investigations, and public and private litigation, which could increase our costs or otherwise adversely affect our business or results of operations. We cannot guarantee that any initiatives we adopt to respond to stakeholder expectations will have the desired effect. Moreover, initiatives that we adopt in some countries in which we operate may be viewed differently in other countries in which we operate. Any failure to meet the expectations of our investors, regulators, stock exchanges or other stakeholders with respect to sustainability matters could materially adversely affect our business, financial condition, and results of operations. Item 1B. Unresolved Staff Comments . None. Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things, operational risks, the risk of intellectual property theft, fraud, harm to employees or third parties with which we conduct business and violation of data privacy or security laws. Identifying and assessing cybersecurity risk is integrated into our overall risk management systems and processes . Cybersecurity risks related to our business are identified and addressed through a multi-faceted approach that consists of third-party assessments, testing of our information systems and information technology security. To defend against, detect and respond to cybersecurity incidents, we, among other things: have enabled regular monitoring of our environment by a combination of external partners and internal security tools, conduct regular employee trainings, monitor emerging laws and regulations related to data protection and information security and implement appropriate changes. Consistent with our cybersecurity risk management policies and controls, we have prepared and implemented an incident response plan with several components, including: (i) engagement of a third party security operations center for regular vulnerability scanning and technical monitoring of our systems, (ii) detection and analysis of cybersecurity incidents that present risk of unauthorized access to company assets, including the escalation and triaging of incidents that present acute risks to our business, (iii) containment, eradication and data recovery, and (iv) post-incident analysis. Such incident responses are overseen by leaders from our information technology, finance, legal and compliance teams. Cybersecurity events and data incidents are evaluated, assessed based on severity and prioritized for response and remediation. Under our incident response plan and related policies, incidents are evaluated to determine materiality as well as operational and business impact and reviewed for privacy impact. Our team of cybersecurity professionals then collaborate with technical and business stakeholders to further analyze the risk to the company, and form detection, mitigation and remediation strategies. As part of the above processes, we regularly engage external consultants to assess our internal cybersecurity programs and compliance with applicable practices and standards. Cybersecurity Governance Cybersecurity is an important part of our risk management processes and an area of focus for our board of directors and management team. Our board of directors has delegated responsibility to the Audit Committee for the oversight of risks from cybersecurity threats. Members of the Audit Committee receive regular updates from senior management , including leaders from our information technology, legal and compliance teams regarding matters of cybersecurity. This includes existing and new cybersecurity risks, information on how management is addressing and/or mitigating those risks, cybersecurity incidents (if any) and status on key information security initiatives. Despite our cybersecurity efforts, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on our business. For a discussion of cybersecurity risks applicable to us, see Part I, Item 1A, Risk Factors , under the heading “Our internal computer systems, or those of our collaborators or other contractors or consultants, may fail or suffer security breaches, which could result in a material disruption of our product development programs” in this Annual Report on Form 10-K.
Item 1C. Cybersecurity. Cybersecurity Risk Management and Strategy We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things, operational risks, the risk of intellectual property theft, fraud, harm to employees or third parties with which we conduct business and violation of data privacy or security laws. Identifying and assessing cybersecurity risk is integrated into our overall risk management systems and processes . Cybersecurity risks related to our business are identified and addressed through a multi-faceted approach that consists of third-party assessments, testing of our information systems and information technology security. To defend against, detect and respond to cybersecurity incidents, we, among other things: have enabled regular monitoring of our environment by a combination of external partners and internal security tools, conduct regular employee trainings, monitor emerging laws and regulations related to data protection and information security and implement appropriate changes. Consistent with our cybersecurity risk management policies and controls, we have prepared and implemented an incident response plan with several components, including: (i) engagement of a third party security operations center for regular vulnerability scanning and technical monitoring of our systems, (ii) detection and analysis of cybersecurity incidents that present risk of unauthorized access to company assets, including the escalation and triaging of incidents that present acute risks to our business, (iii) containment, eradication and data recovery, and (iv) post-incident analysis. Such incident responses are overseen by leaders from our information technology, finance, legal and compliance teams. Cybersecurity events and data incidents are evaluated, assessed based on severity and prioritized for response and remediation. Under our incident response plan and related policies, incidents are evaluated to determine materiality as well as operational and business impact and reviewed for privacy impact. Our team of cybersecurity professionals then collaborate with technical and business stakeholders to further analyze the risk to the company, and form detection, mitigation and remediation strategies. As part of the above processes, we regularly engage external consultants to assess our internal cybersecurity programs and compliance with applicable practices and standards. Cybersecurity Governance Cybersecurity is an important part of our risk management processes and an area of focus for our board of directors and management team. Our board of directors has delegated responsibility to the Audit Committee for the oversight of risks from cybersecurity threats. Members of the Audit Committee receive regular updates from senior management , including leaders from our information technology, legal and compliance teams regarding matters of cybersecurity. This includes existing and new cybersecurity risks, information on how management is addressing and/or mitigating those risks, cybersecurity incidents (if any) and status on key information security initiatives. Despite our cybersecurity efforts, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on our business. For a discussion of cybersecurity risks applicable to us, see Part I, Item 1A, Risk Factors , under the heading “Our internal computer systems, or those of our collaborators or other contractors or consultants, may fail or suffer security breaches, which could result in a material disruption of our product development programs” in this Annual Report on Form 10-K.

Company Information