Climb Bio, Inc. 10-K Cybersecurity GRC - 2025-03-25

Page last updated on March 25, 2025

Climb Bio, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-25 16:01:32 EDT.

Filings

10-K filed on 2025-03-25

Climb Bio, Inc. filed a 10-K at 2025-03-25 16:01:32 EDT
Accession Number: 0000950170-25-044350

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third-party hosted services, communications systems, and our critical data, including intellectual property, confidential information that is proprietary, strategic or competitive in nature, and data related to participants in preclinical studies and clinical trials involving certain of our product candidates (Information Systems and Data). We manage, identify and assess risks from cybersecurity threats by monitoring and evaluating our threat environment and risk profile using various methods including, for example: through the use of automated tools, including but not limited to tools for monitoring, remote wiping, threat detection, intrusion detection and prevention; conducting ( through third parties ) regular audits and threat assessments for internal and external threats; subscribing to reports and services that identify cybersecurity threats; analyzing reports of threats and actors; conducting vulnerability assessments to identify vulnerabilities; evaluating our and our industry’s risk profile; and evaluating threats reported to us. Depending on the environment, we implement and maintain various processes, standards and policies designed to manage and mitigate material risks from cybersecurity threats to our Information Systems and Data, including, for example: risk assessments, implementation of security standards and certifications, encryption of data in transit and at rest, network security controls, data segregation, access controls, systems monitoring, vendor risk management program, employee training and penetration testing. As part of our cybersecurity risk management program, we maintain processes to assess and review the cybersecurity practices of third-party vendors and suppliers . Prior to engaging key third-party vendors and suppliers, we conduct a security assessment and, as appropriate, include security requirements in contracts. We, like other companies in our industry, face cybersecurity risks in connection with our business. However, to date, risks from cybersecurity threats have not materially affected and are not reasonably likely to materially affect our business strategy, results of operations, and financial condition. For more information on our cybersecurity related risks, see “Risk Factors” under Part I, Item 1A of this Annual Report on Form 10-K. Governance Our board of directors considers cybersecurity risk management as part of its general oversight function. The audit committee of our board of directors is responsible for overseeing our cybersecurity risk management processes, including oversight and mitigation of risks from cybersecurity threats. Our management team provides periodic updates to the audit committee regarding our cybersecurity program, including information about cyber risk management governance and status updates on various projects intended to enhance the overall cybersecurity posture of the Company. Our chief operating officer , with the assistance of third-party technical advisors, leads the operational oversight of company-wide cybersecurity strategy, policy, standards and processes and works across relevant departments to assess and help the Company and our employees to address cybersecurity risks. Our third-party technical advisors include consultants with over 20 years of experience in IT leadership as well as subject matter experts in cybersecurity that have extensive experience managing cybersecurity programs.

Company Information