DiaMedica Therapeutics Inc. 10-K Cybersecurity GRC - 2025-03-17

Page last updated on March 17, 2025

DiaMedica Therapeutics Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-17 16:32:31 EDT.

Filings

10-K filed on 2025-03-17

DiaMedica Therapeutics Inc. filed a 10-K at 2025-03-17 16:32:31 EDT
Accession Number: 0001437749-25-008018

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We recognize the importance of identifying, assessing, and managing material risks associated with cybersecurity threats, which risks include, among other things, operational risks, intellectual property theft, fraud, extortion, harm to employees or participants in our clinical trials, and violation of data privacy or security laws. In the ordinary course of our business, we collect and store certain confidential information such as information about our employees, contractors, vendors, suppliers, and clinical data. We augment the capabilities of our people, processes, and technologies in order to address our cybersecurity risks. Our cybersecurity risks, and the controls designed to mitigate those risks, are integrated into our overall risk management governance and are reviewed at least annually by our Board of Directors. Risk Management and Strategy Identifying, assessing, and managing cybersecurity risk is integrated into our overall enterprise risk management systems and processes. Our cybersecurity risk management program has been developed based upon prevailing security standards and the National Institute of Standards and Technology (NIST) framework for evaluating and responding to potential cybersecurity risks, and addressing cybersecurity threats and incidents to the extent they arise. We have designed our business applications to minimize the impact that cybersecurity incidents could have on our business and have identified back-up systems where appropriate. Security events and data incidents are evaluated, ranked by severity, and prioritized for response and remediation. Incidents are evaluated to determine materiality, as well as operational, business and privacy impact. An important component of this program is employee awareness of and vigilance regarding cybersecurity risks. Our employees receive ongoing cybersecurity awareness trainings, including specific topics related to social engineering and email fraud. 56 Recognizing the complexity and evolving nature of cybersecurity threats, incidents and risks, we engage third party experts , including managed information technology (IT) service providers and cybersecurity consultants, to evaluate and support our risk management systems. We utilize advanced technologies for continuous cybersecurity monitoring across our IT environment which are designed to prevent, detect and minimize cybersecurity attacks, as well as alert management of such attacks. Recognizing the complexity and evolving nature of cybersecurity threats, incidents and risks, we engage third-party experts, including managed IT service providers and cybersecurity consultants, to evaluate and support our risk management systems, monitor potential vulnerabilities , periodically test our cybersecurity controls and procedures, and respond to cybersecurity incidents affecting us, including prompt escalation and communication of major security incidents to senior management and our Board of Directors. Governance The Audit Committee of our Board of Directors is responsible for overseeing our cyber security risk management and strategy, including overseeing management’s responsibility to assess, manage and mitigate risks associated with our business and operational activities, to administer our various compliance programs, in each case including cybersecurity concerns, and to oversee our IT systems, processes and data. Our Chief Financial Officer and cybersecurity consultants regularly meet with and provides periodic briefings to our Audit Committee regarding our cybersecurity risks and activities, including any recent cybersecurity incidents, if any, and related responses, and cybersecurity systems testing. Management has implemented risk management policies and procedures, and management is responsible for the day-to-day cybersecurity risk management. Our Chief Financial Officer is responsible for the day-to-day assessment and management of our cybersecurity risks. Cybersecurity Threat Disclosure As of the date of this Annual Report on Form 10-K, risks from cybersecurity threats have not materially affected, and we do not believe they are reasonably likely to materially affect, us, our business strategy, results of operations, or financial condition. However, cybersecurity threats are constantly evolving, becoming more frequent and more sophisticated and are being made by groups of individuals with a wide range of expertise and motives, which increases the difficulty of detecting and successfully defending against them. While we have implemented measures to safeguard our operational and technology systems, the evolving nature of cybersecurity attacks and vulnerabilities means that these protections may not always be effective. For further discussion of cybersecurity risks, please see Item 1A, “Risk Factors”.

Company Information