TG THERAPEUTICS, INC. 10-K Cybersecurity GRC - 2025-03-03

Page last updated on March 3, 2025

TG THERAPEUTICS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-03 16:02:11 EST.

Filings

10-K filed on 2025-03-03

TG THERAPEUTICS, INC. filed a 10-K at 2025-03-03 16:02:11 EST
Accession Number: 0001437749-25-005908

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management and Strategy We have implemented and maintain various information security processes designed to mitigate cybersecurity risks, on a case-by-case basis, to our critical computer networks, third party-hosted services, communications systems, hardware and software, and our critical data, including intellectual property, confidential information that is proprietary, strategic or competitive in nature, and data related to patients and clinical trials (IT Assets). The Company’s information security program, which is integrated into our overall risk management processes, evaluates threats posed by internal and external factors and supports daily operational functions that prevent unauthorized access or compromise. Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats to our IT Assets, which include implementing policies and guidelines governing the individual use and protection of IT Assets by employees, employee training, and leveraging the capability of third -party service providers to support our internal cybersecurity processes. These processes are aligned with standard industry frameworks, such as the National Institute of Standards and Technology, Committee of Sponsoring Organizations, International Organization for Standardization 27001, and other industry standards. We have also implemented a well-established information security incident response plan, which is designed to escalate cybersecurity incidents, depending on the circumstances, to appropriate stakeholders as defined by internal standard operating procedures. We continue to monitor proposed cybersecurity disclosure rules from the SEC and alter our procedures accordingly. To further improve the effectiveness of our information security processes, we engage third -party service organizations to monitor the Company’s information technology (IT) environment, conduct evaluations of the effectiveness of our security controls and provide aggregate monthly reports to our corporate IT Security Team regarding the results of such third -party assessments, training and vulnerability testing, data security posture, material cybersecurity risks and areas of improvement. Risks from cybersecurity threats have not materially affected or are currently viewed as not reasonably likely to materially affect us, our business strategy, results of operations or financial condition. However, the scope and impact of any future cybersecurity incidents cannot be predicted and there can be no assurance that our information security program will be effective in preventing material cybersecurity incidents in the future. For a description of the risks from cybersecurity threats that may materially affect us and how they may do so, see our risk factors under Part 1. Item 1A. Risk Factors in this Annual Report on Form 10-K, including the risk factor captioned “Our internal information technology systems, or those of our third-party CROs, CMOs, or other contractors or consultants, may fail or suffer security breaches, which could result in a material disruption of our drug candidates’ development programs and our commercialization of any products for which we receive regulatory approval.” Governance The Board and our Chief Executive Officer is responsible for oversight of the Company’s overall risk management program, including as to cybersecurity related risks, while management is responsible for the day-to-day risk management processes. The Board receives regular reports from our Chief Executive Officer, Chief Financial Officer and other members of management, regarding material cybersecurity threats and risks, effectiveness of our information security processes and status of ongoing cybersecurity initiatives and strategies. Our information technology (IT) team, which is overseen by our Vice President of IT, is responsible for the identification, assessment and management of cybersecurity risks we face and ensuring effective implementation of the Company’s overall cybersecurity efforts. Our Vice President of IT has over 25 years of experience in IT systems, including cybersecurity risk management and incident response, and holds multiple industry-recognized certifications. Our Vice President of IT receives regular reports from the corporate IT Security Team, together with information provided by our third-party service organizations that monitor the Company’s IT environment, regarding the Company’s material cybersecurity threats and risks and the processes the Company has implemented to address them, which are reported to the Chief Financial Officer.

Company Information