Galera Therapeutics, Inc. 10-K Cybersecurity GRC - 2025-03-31

Page last updated on March 31, 2025

Galera Therapeutics, Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-31 16:30:34 EDT.

Filings

10-K filed on 2025-03-31

Galera Therapeutics, Inc. filed a 10-K at 2025-03-31 16:30:34 EDT
Accession Number: 0000950170-25-047798

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. Risk Management and Strategy We recognize the critical importance of securing our information systems and protecting the confidentiality, integrity, and availability of our data. To achieve this, we have developed and implemented a comprehensive cybersecurity risk management program designed to identify, assess, and mitigate risks to our critical systems and data, including risks resulting from cybersecurity threats associated with our use of third-party service providers. Our cybersecurity strategy is integrated into the company’s broader enterprise risk management framework, ensuring that cybersecurity considerations are an integral part of decision-making at all levels of the organization. We collaborate with external experts, including cybersecurity assessors and vendors , to continuously evaluate and enhance our security posture and conduct regular risk assessments, penetration testing, and security audits. Monitoring, Training and Incident Response We continuously monitor our information systems for potential cybersecurity threats. Our cybersecurity incident response plan outlines specific procedures for responding to incidents, minimizing damage, and recovering 50 swiftly. We have implemented a comprehensive cybersecurity training program for all employees to ensure they are fully equipped to handle cybersecurity responsibilities. The training emphasizes making cybersecurity an integral part of our corporate culture. It covers a wide range of topics, including understanding the different types of malware and how to avoid them, recognizing social engineering tactics like phishing and pretexting, and the importance of creating strong passwords while using multi-factor authentication. Additionally, the program addresses the unique security risks associated with remote work, mobile device usage, and Wi-Fi connections, as well as best practices for securing email communications and ensuring physical security of devices. Employees also learn about the importance of information classification, securing sensitive data, and safeguarding mobile devices and USB drives from unauthorized access or attacks. The program highlights the risks associated with the dark web and emphasizes how employees can protect themselves and the organization from information exposure. Furthermore, the training ensures that employees understand how to effectively respond to cybersecurity incidents, including how to recognize, report, and address security threats in a timely manner. This training is regularly updated to reflect the latest security threats and trends, ensuring employees are always aware of evolving risks. Employee understanding is assessed through quizzes, and executive leadership plays a key role in reinforcing cybersecurity as a top priority by modeling strong security behaviors and emphasizing ongoing vigilance. Cybersecurity Risks We have not experienced or identified risks from cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. Governance The B oard of Directors (the Board), with oversight from the Audit Committee, is responsible for the governance of cybersecurity risks. The Audit Committee receives regular updates from management on cybersecurity risks and incidents, ensuring that the Board is kept informed. Management, led by the Chief Executive Officer (the “CEO”) , is responsible for implementing the cybersecurity program, monitoring the company’s risk posture, and reporting to the Audit Committee and the Board regarding cybersecurity-related risks . The CEO works closely with external consultants and vendors, including IntellectMap, to ensure that we stay current with industry standards and best practices.

Company Information