CAPRICOR THERAPEUTICS, INC. 10-K Cybersecurity GRC - 2025-03-26

Page last updated on March 26, 2025

CAPRICOR THERAPEUTICS, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-26 16:15:40 EDT.

Filings

10-K filed on 2025-03-26

CAPRICOR THERAPEUTICS, INC. filed a 10-K at 2025-03-26 16:15:40 EDT
Accession Number: 0001558370-25-003707

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY We operate in the biotechnology sector, which is subject to various cybersecurity risks that could adversely affect our business, financial condition, and results of operations, including intellectual property theft; fraud; extortion; harm to employees; violation of privacy laws and other litigation and legal risk; and reputational risk. We have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical computer networks, third-party hosted services , communications systems, hardware and software, and our critical data, including intellectual property, as well as confidential information that is proprietary, strategic or competitive in nature. The Company’s information technology department helps identify, assess and manage Capricor’s cybersecurity threats and risks. The information technology department , in coordination with the finance and/or legal departments, identifies and assesses risks from cybersecurity threats by monitoring and evaluating our threat environment using various methods including, for example, evaluating threats reported to us, conducting audits, performing threat assessments, and conducting vulnerability assessments to identify vulnerabilities. We use third-party service providers to assist us to identify, assess, and manage material risks from cybersecurity threats, including for example: professional service firms, including legal counsel, and cybersecurity software providers. Our cybersecurity risk management program shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational and financial risk areas, including the involvement of cross-functional teams and, depending on the nature and severity of an incident, an escalation path to notify our executive and senior management teams and our board of directors. For example, the information technology department works with management to prioritize our risk management processes and mitigate cybersecurity threats that are more likely to lead to a material impact on our business. The Company is currently in the process of implementing a cybersecurity oversight committee to enhance governance and ensure dedicated focus on cybersecurity risk management. This committee will work closely with the board to provide regular updates on the organization’s cybersecurity posture, performance, and emerging risks, while ensuring that cybersecurity strategies align with business objectives and regulatory requirements. For a description of the risks from cybersecurity threats that may materially affect us and how they may do so, see our risk factors included in Part I, Item 1A. “Risk Factors” of this Annual Report on Form 10-K, including “Risk Factors - Risks Related to our Business - A breakdown, corruption or breach of our information technology systems or computer systems, or those used or hosted by our CROs, contractors, consultants or third-party vendors could subject us to liability or interrupt the operation of our business.” Our business depends on the availability, reliability, and security of our information systems, networks, data, and intellectual property. As of the date of this report, we have not experienced a cybersecurity incident that has materially affected or is reasonably likely to materially affect our business strategy, results of operations, or financial condition . Any disruption, compromise, or breach of our systems or data due to a cybersecurity threat or incident could adversely affect our operations, research, product development, and competitive position. They may also result in a breach of our contractual obligations or legal duties to protect the privacy and confidentiality of our stakeholders. Such a breach could expose us to business interruption, future lost revenue, ransom payments, remediation costs, liabilities to affected parties, cybersecurity protection costs, lost assets, litigation, regulatory scrutiny and actions, reputational harm, and harm to our vendor relationships.

Company Information