Generation Bio Co. 10-K Cybersecurity GRC - 2025-03-13

Page last updated on March 14, 2025

Generation Bio Co. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-13 16:15:45 EDT.

Filings

10-K filed on 2025-03-13

Generation Bio Co. filed a 10-K at 2025-03-13 16:15:45 EDT
Accession Number: 0001558370-25-002907

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We have certain processes for assessing, identifying and managing cybersecurity risks , which are built into our overall risk management program and overseen by our information technology function, that are designed to help protect our information assets and operations from internal and external cyber threats, as well as secure our networks and systems. Such processes include physical, procedural and technical safeguards, response plans, regular exercises and tests on our systems, incident simulations and routine review of our policies and procedures to identify risks and refine our practices. We engage certain external parties, including consultants, computer security firms and risk management experts, to enhance our cybersecurity oversight. We consider the internal risk oversight programs of third-party service providers before engaging them in order to help protect us from any related vulnerabilities. Based on an assessment using the previously described risk management program, we do not believe that there are currently any known risks from cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us or our business strategy, results of operations or financial condition. See " Our internal information technology systems, or those of our third-party vendors, collaborators or other contractors or consultants, may fail or suffer security breaches, loss or leakage of data and other disruptions, which could result in a material disruption of our product development programs, compromise sensitive information related to our business or prevent us from accessing critical information, potentially exposing us to liability or otherwise adversely affecting our business " in Part I, Item 1A, “Risk Factors” for additional information. Our Audit Committee provides direct oversight over cybersecurity risk and provides updates to the Board of Directors regarding such oversight. The Audit Committee receives periodic updates from management regarding cybersecurity matters and is notified between such updates regarding significant new cybersecurity threats or incidents, if any. Our Senior Director of Information Technology, or IT , leads the operational oversight of company-wide cybersecurity strategy, policy, standards and processes and works across relevant departments to assess and help prepare us and our employees to address cybersecurity risks. Our Senior Director of IT has over 25 years of experience in building, running, and managing diverse functional areas of IT, including but not limited to enterprise cybersecurity, IT infrastructure, operations, business continuity, and service delivery. He began his IT career overseeing datacenter operations for a pharmaceutical company and has held multiple IT leadership positions at biotechnology companies, including serving as the director of cybersecurity and infrastructure at a biopharmaceutical company prior to joining us over four years ago. We have also established a cross-functional cybersecurity working team led by our chief financial officer serving as the chair and consisting of executive-level leaders, that is responsible for reviewing, revising and testing our cybersecurity policies and procedures. In an effort to deter and detect cyber threats, we regularly provide all employees, including part-time and temporary employees, with data protection, cybersecurity and incident response and prevention trainings, which cover a range of timely and relevant topics, including social engineering, phishing, password protection, confidential data protection, asset use and mobile security. This incident response and prevention training functions to educate employees on the importance of reporting all incidents immediately. We also use technology-based tools to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs.

Company Information