MBX Biosciences, Inc. 10-K Cybersecurity GRC - 2025-03-17

Page last updated on March 17, 2025

MBX Biosciences, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-17 08:14:27 EDT.

Filings

10-K filed on 2025-03-17

MBX Biosciences, Inc. filed a 10-K at 2025-03-17 08:14:27 EDT
Accession Number: 0000950170-25-039838

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybers ecurity. Risk Management and Strategy We manage cybersecurity threats as part of our oversight, evaluation, and mitigation of enterprise-level risks. We have implemented a cybersecurity risk management program, in accordance with our risk profile and business size, that is designed to detect, identify, assess, and respond to current and emerging cybersecurity threats. Our cybersecurity risk management program is supported by third-party information technologies and vendors, including a managed services provider that assists us with, among other things, information technology system monitoring, detection and alerting tools, and response support services. We also leverage third-party information technology service providers to monitor and evaluate our cybersecurity 101 posture through cybersecurity risk reviews and assessments. Our cybersecurity risk assessments are informed by industry standards and frameworks and incorporate elements of the same, including elements of the National Institute of Standards and Technology (“NIST”) cybersecurity framework. We have adopted an incident response plan designed to coordinate the steps to identify, contain, eradicate, and recover from cybersecurity incidents. We also have a process for newly-hired employees to participate in security awareness training. We also have a process to review certain third-party information technology service providers and vendors, including through contractual requirements and proactive threat intelligence monitoring, as appropriate. To date, we have not identified any cybersecurity incidents or threats that have materially affected us or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, however, like other companies in our industry, we and our third-party information technology service providers and vendors have from time to time experienced threats that could affect our information or systems. For more information, please refer to Item 1A, “Risk Factors,” in this Annual Report. Governance Our Senior Director of Information Technology coordinates with our Chief Financial Officer (“CFO”) and relevant third parties, such as consultants and external legal advisors, to assess and manage material risks from cybersecurity threats. Our Senior Director of Information Technology has over fifteen years of experience in information technology, including over five years in cybersecurity and information security. Our Senior Director of Information Technology is also supported by a cross-functional security incident response team, which is responsible for identifying, reporting, investigating, documenting, and mitigating cybersecurity incidents pursuant to our incident response plan and policy. Our board of directors has overall oversight responsibility for our risk management, and delegates its oversight of risk assessment and management guidelines to the audit committee of the board of directors. Members of the audit committee receive periodic updates from our CFO, who is briefed by our Senior Director of Information Technology, regarding matters of cybersecurity. These discussions may include updates on management’s efforts to address and mitigate cybersecurity risks, cybersecurity incidents (if any), and the status of key information security initiatives. Executive management will promptly update our board of directors regarding significant threats and incidents as they arise.

Company Information