XML 42 R28.htm IDEA: XBRL DOCUMENT v3.25.4
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We regularly assess, identify, and manage risks from cybersecurity threats as an integral part of our overall enterprise risk management (ERM) program. Our cybersecurity policies, processes, and practices include ongoing monitoring of information systems for vulnerabilities, periodic testing, in-house employee training and case discussions, and the use of advanced security tools designed to detect, prioritize, escalate, investigate, resolve, and recover from incidents in a timely manner.

To evaluate how effective our cybersecurity prevention and response mechanisms are, we partner with external organizations such as cybersecurity assessors, consultants, and specialists. Their expertise enables us to pinpoint, confirm, and validate cybersecurity risks, as well as support the creation and implementation of mitigation strategies when required. By utilizing these systems and expert guidance, we can detect threats, determine their severity, and address possible repercussions by preventing breaches and relying on vendors who advise us on optimal risk management practices. These external parties and systems form a crucial part of our enterprise risk management framework for cybersecurity. Additionally, we have established a due diligence protocol to monitor and identify significant risks arising from our relationships with third-party vendors, including those providing cybersecurity services, to ensure we manage all threats related to their involvement appropriately.

To date, we have not experienced any cybersecurity incidents that have materially affected, or are reasonably likely to materially affect, our company, including our business strategy, results of operations, or financial condition. Refer to “Item 1A. Risk Factors” in this Annual Report, including the risk factor titled “Our internal computer systems or those of our development collaborators, third-party CDMOs, or other contractors or consultants may fail or suffer cybersecurity incidents, data breaches, or other disruptions, which could result in a material disruption of our product development programs and cause our business and operations to suffer,” for additional discussion of cybersecurity-related risks.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We regularly assess, identify, and manage risks from cybersecurity threats as an integral part of our overall enterprise risk management (ERM) program. Our cybersecurity policies, processes, and practices include ongoing monitoring of information systems for vulnerabilities, periodic testing, in-house employee training and case discussions, and the use of advanced security tools designed to detect, prioritize, escalate, investigate, resolve, and recover from incidents in a timely manner.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Our Board's role in risk oversight is consistent with our leadership structure, with management having day-to-day responsibility for assessing and managing our risk exposure and our Board actively overseeing the management of our risks both at the Board and Committee level. The Board conducts its risk oversight by receiving reports from each of the Committees and our executive officers regarding our risk identification, risk management, and risk mitigation strategies with respect to areas of potential material risk, including cybersecurity risk. The Board has delegated to the Audit Committee of the Board primary responsibility for overseeing risks from cybersecurity threats. Our Associate Vice President of IT & Facilities briefs the Board of Directors on our cybersecurity risk management program on a quarterly basis, using risk assessment reports from our third-party cybersecurity vendor. The briefing includes discussion of management’s actions to identify and detect threats, as well as planned actions in the event of a response or recovery situation.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board has delegated to the Audit Committee of the Board primary responsibility for overseeing risks from cybersecurity threats.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board conducts its risk oversight by receiving reports from each of the Committees and our executive officers regarding our risk identification, risk management, and risk mitigation strategies with respect to areas of potential material risk, including cybersecurity risk.
Cybersecurity Risk Role of Management [Text Block]
Cybersecurity is an important part of our risk management processes. Our Associate Vice President of IT & Facilities is responsible for overseeing the cybersecurity risk management program. He has over 20 years of IT management, cybersecurity, and information governance experience. In order to monitor and appropriately escalate cybersecurity risks (including with respect to cybersecurity incidents), our Associate Vice President of IT & Facilities receives reports on a monthly basis, and more frequently as appropriate, from our third-party cybersecurity vendor.
Our Board's role in risk oversight is consistent with our leadership structure, with management having day-to-day responsibility for assessing and managing our risk exposure and our Board actively overseeing the management of our risks both at the Board and Committee level. The Board conducts its risk oversight by receiving reports from each of the Committees and our executive officers regarding our risk identification, risk management, and risk mitigation strategies with respect to areas of potential material risk, including cybersecurity risk. The Board has delegated to the Audit Committee of the Board primary responsibility for overseeing risks from cybersecurity threats. Our Associate Vice President of IT & Facilities briefs the Board of Directors on our cybersecurity risk management program on a quarterly basis, using risk assessment reports from our third-party cybersecurity vendor. The briefing includes discussion of management’s actions to identify and detect threats, as well as planned actions in the event of a response or recovery situation.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our Associate Vice President of IT & Facilities is responsible for overseeing the cybersecurity risk management program.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] He has over 20 years of IT management, cybersecurity, and information governance experience. In order to monitor and appropriately escalate cybersecurity risks (including with respect to cybersecurity incidents), our Associate Vice President of IT & Facilities receives reports on a monthly basis, and more frequently as appropriate, from our third-party cybersecurity vendor.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our Associate Vice President of IT & Facilities briefs the Board of Directors on our cybersecurity risk management program on a quarterly basis, using risk assessment reports from our third-party cybersecurity vendor. The briefing includes discussion of management’s actions to identify and detect threats, as well as planned actions in the event of a response or recovery situation.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true