Page last updated on March 31, 2025
CURIS INC reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-31 16:04:23 EDT.
Filings
10-K filed on 2025-03-31
CURIS INC filed a 10-K at 2025-03-31 16:04:23 EDT
Accession Number: 0001108205-25-000031
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
ITEM 1C. CYBERSECURITY We have processes for assessing, identifying and managing cybersecurity risks, which are built into our information technology function and are designed to help protect our information assets and operations from internal and external cyber threats, protect employee and clinical trial information from unauthorized access or attack, as well as secure our networks and systems. Such processes include physical, procedural and technical safeguards, response plans, and routine review of our policies and procedures to identify risks and refine our practices. We engage certain external parties, including consultants, to enhance our cybersecurity oversight . Our Audit Committee of the Board of Directors, or the Audit Committee, is responsible for overseeing cybersecurity risk and periodically updates our Board of Directors on such matters. The Audit Committee receives periodic updates from management, including our head of information technology, regarding cybersecurity matters, and is notified between such updates regarding any significant new cybersecurity threats or incidents. We do not believe that there are currently any risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have material affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. Management is responsible for the operational oversight of company-wide cybersecurity strategy, policy, and standards. Our head of information technology , who has 25 years of information technology management experience, reports to our chief financial officer, oversees and manages the day-to-day functions of our cybersecurity risks, and works with an incident response team to evaluate security and privacy incidents and the implementation of appropriate actions. In an effort to deter and detect cyber threats, we annually provide all employees with cybersecurity and prevention training, which covers timely and relevant topics, including social engineering, phishing, password protection, confidential data protection, and mobile security, and educate employees on the importance of reporting all incidents immediately. We also use technology-based tools to mitigate cybersecurity risks and to bolster our employee-based cybersecurity programs.
Company Information
| Name | CURIS INC |
| CIK | 0001108205 |
| SIC Description | Biological Products, (No Diagnostic Substances) |
| Ticker | CRIS - Nasdaq |
| Website | |
| Category | Non-accelerated filer Smaller reporting company |
| Fiscal Year End | December 30 |