Neurogene Inc. 10-K Cybersecurity GRC - 2025-03-24

Page last updated on March 24, 2025

Neurogene Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-24 16:04:21 EDT.

Filings

10-K filed on 2025-03-24

Neurogene Inc. filed a 10-K at 2025-03-24 16:04:21 EDT
Accession Number: 0001404644-25-000012

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C.: Cybersecurity We recognize the importance of developing, implementing, and maintaining strong cybersecurity measures to help maintain the security, confidentiality, integrity, and availability of our business systems and confidential information, including personal information and intellectual property. Our cybersecurity program focuses on the following areas: - Vigilance: Our threat operations help identify, prevent, and respond to cybersecurity incidents pursuant to our response and recovery plans. - Systems Safeguards: We use firewalls, intrusion systems, anti-malware, and access controls, and aim to continue to improve these safeguards through vulnerability assessments and threat intelligence. - Third-Party Risk Management: We manage risks from third-party vendors and service providers by conducting due diligence and periodic audits of key vendors. - Training: Mandatory periodic trainings for employees to reinforce our information security policies and practices. - Incident Response and Recovery Planning: We maintain and regularly test plans for responding to and recovering from cybersecurity incidents. - Communication, Coordination and Disclosure: Cross-functional teams, including the Board, address cybersecurity threats, with timely management decisions on incident disclosure and reporting. We have implemented processes designed to help assess, identify, and manage risks from potential unauthorized occurrences on or through our information technology systems that may result in adverse effects on the confidentiality, integrity, and availability of these systems and the data residing therein. These processes are managed and monitored by a hybrid information technology team consisting of Managed Services and Managed Security Services partners, which is led by our Vice President and Head of IT, and include mechanisms, controls, technologies, systems, and other processes designed to help prevent or mitigate data loss, theft, misuse, or other security incidents or vulnerabilities affecting the data. In addition, we consult with outside advisors and experts on a regular basis to assist with assessing, identifying, and managing cybersecurity risks, including to anticipate future threats and trends, and their impact on our risk environment. We consider cybersecurity , along with other significant risks that we face, within our overall enterprise risk management framework. We continue to extend our cybersecurity capabilities, with advanced cybersecurity technology, processes and resources, that are designed to help us to actively identify, protect, detect, respond to, and recover from risks and threats, but nonetheless we have in the past been subject to cyberattacks and continue to face cybersecurity risk threats. Since the beginning of the last fiscal year, we have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us. However, cybersecurity attack techniques change frequently, and with increased volume and sophistication of such attacks, there can be no guarantee that we will not be the subject of future successful attacks, threats or incidents that could materially affect us . Additional information on cybersecurity risks we face is discussed in Part I, Item 1A, " Risk Factors ," under the heading " Our systems, or those of any of our CROs, manufacturers, other contractors, third party service providers or consultants or potential future collaborators, may fail or suffer security or data privacy breaches or other unauthorized or improper access to, use of, or destruction of its proprietary or confidential data, employee data or personal data, which could result in additional costs, loss of revenue, significant liabilities, harm to its brand and material disruption of our operations. " Our Vice President and Head of IT, who reports into the finance organization, has over 28 years of experience managing information technology and cybersecurity matters. He works collaboratively with outside consultants, including our Managed Services and Managed Security Services partners, to protect our information systems from cybersecurity threats and to promptly respond to cybersecurity incidents. He provides regular updates to the President and Chief Financial Officer regarding our efforts to monitor, prevent, detect, mitigate and remediate cybersecurity threats. The Board of Directors, as a whole and at the committee level, has oversight for the most significant risks facing us and for our processes to identify, prioritize, assess, manage, and mitigate those risks. The Audit Committee, which is comprised solely of independent directors, has been designated by our Board of Directors to oversee cybersecurity risks. The Audit Committee receives regular updates on cybersecurity and information technology matters and related risk exposures from our President and Chief Financial Officer. The Board of Directors also receives updates from management and the Audit Committee on cybersecurity risks on at least an annual basis.

Company Information