|
Cybersecurity Risk Management, Strategy and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity.
Risk Management and Strategy
We have implemented procedures for assessing, identifying and managing significant risks from cybersecurity threats and have incorporated these procedures into our overall risk management systems and processes. We regularly evaluate significant risks from cybersecurity attacks, including any potential unauthorized occurrence on or conducted through our information systems that may result in adverse effects on the confidentiality, integrity, or availability of our information systems or any information stored there. The program to manage cybersecurity risks has tools and activities designed to identify, examine and manage current and potential cybersecurity threats, as well as plans and strategies designed to deal with threats and incidents.
We regularly evaluate the cybersecurity risks that could affect our information systems, as well as on an ad hoc basis when there is a significant change in how we do business that may increase the exposure of our information systems to such risks. These evaluations include identifying the possible internal and external risks, how likely and harmful they are, and whether our current policies, procedures, systems, and safeguards are adequate to handle them.
We use these risk assessments to design, implement, and maintain appropriate safeguards that are intended to mitigate identified risks, address any shortcomings in our existing safeguards, and regularly check how well our safeguards work. Our information technology (“IT”) department is primarily responsible for evaluating, overseeing, and handling our cybersecurity risks to manage the process of risk assessment and mitigation. We have established a cross-functional IT Security Steering Committee that oversees the management of our cybersecurity risks and execution of any mitigation efforts.
Our IT department and Company management work together to check and improve our safeguards as part of our overall risk management system. We also periodically provide training to our employees on these safeguards and keep them informed of our cybersecurity policies through regular communications across the Company.
We work with consultants or other third parties as part of our risk assessment processes, when appropriate. They help us create and execute our cybersecurity policies and procedures and check and test our safeguards. We ask key third-party service providers to confirm that it can apply and keep appropriate cybersecurity measures in line with all relevant laws, to apply and keep reasonable cybersecurity measures when they work with us, and to promptly report any possible breach of their cybersecurity measures that could impact our company.
Since the beginning of the last fiscal year, we have not identified risks from known cybersecurity threats, including as a result of any previous cybersecurity incidents, that have materially affected us, including our business strategy, results of operations or financial condition, but we face certain ongoing cybersecurity risks threats that, if realized, are reasonably likely to materially affect us. For additional information regarding these risks, please refer to Item 1A, “Risk Factors,” “We depend on our information technology systems and those of our third-party collaborators, service providers, contractors or consultants. Our internal computer systems, or those of our third-party collaborators, service providers, contractors or consultants, may fail or suffer security breaches, disruptions, or incidents, which could result in a material disruption of our development programs or loss of data or compromise the privacy, security, integrity or confidentiality of sensitive information related to our business and have a material adverse effect on our reputation, business, financial condition or results of operations” in this Annual Report on Form 10-K.
Governance
Our board of directors oversees our overall risk management process and significant risks facing us, including cybersecurity risks. The audit committee, which is comprised solely of independent directors, has been designated by our board of directors to oversee cybersecurity risks. Our board of directors oversees and evaluates strategic risk exposure, while our executive officers manage the significant risks we encounter on a daily basis.
The audit committee receives periodic briefings from our Chief Financial Officer, the Chair of the IT Security Steering Committee, regarding our cybersecurity risks and activities, including any recent cybersecurity incidents
and related responses, cybersecurity systems testing, and activities of third parties. Our audit committee provides periodic updates to the board of directors on such reports.
The IT Security Steering Committee, which is in charge of our cybersecurity policies and procedures, including the ones discussed in “Risk Management and Strategy” above, is led by our Chief Financial Officer, who has nine years of senior leadership experience at public biotechnology companies, including six years with 89bio. The IT Security Steering committee also includes our Director of IT, who is an experienced Information Technology professional and has over 20 years of experience managing information technology, of which more than 10 years pertain to cybersecurity related experience.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|We have implemented procedures for assessing, identifying and managing significant risks from cybersecurity threats and have incorporated these procedures into our overall risk management systems and processes.
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Governance
Our board of directors oversees our overall risk management process and significant risks facing us, including cybersecurity risks. The audit committee, which is comprised solely of independent directors, has been designated by our board of directors to oversee cybersecurity risks. Our board of directors oversees and evaluates strategic risk exposure, while our executive officers manage the significant risks we encounter on a daily basis.
The audit committee receives periodic briefings from our Chief Financial Officer, the Chair of the IT Security Steering Committee, regarding our cybersecurity risks and activities, including any recent cybersecurity incidents
and related responses, cybersecurity systems testing, and activities of third parties. Our audit committee provides periodic updates to the board of directors on such reports.
The IT Security Steering Committee, which is in charge of our cybersecurity policies and procedures, including the ones discussed in “Risk Management and Strategy” above, is led by our Chief Financial Officer, who has nine years of senior leadership experience at public biotechnology companies, including six years with 89bio. The IT Security Steering committee also includes our Director of IT, who is an experienced Information Technology professional and has over 20 years of experience managing information technology, of which more than 10 years pertain to cybersecurity related experience.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our information technology (“IT”) department is primarily responsible for evaluating, overseeing, and handling our cybersecurity risks to manage the process of risk assessment and mitigation. We have established a cross-functional IT Security Steering Committee that oversees the management of our cybersecurity risks and execution of any mitigation efforts.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|
Our board of directors oversees our overall risk management process and significant risks facing us, including cybersecurity risks. The audit committee, which is comprised solely of independent directors, has been designated by our board of directors to oversee cybersecurity risks. Our board of directors oversees and evaluates strategic risk exposure, while our executive officers manage the significant risks we encounter on a daily basis.
|Cybersecurity Risk Role of Management [Text Block]
|
We use these risk assessments to design, implement, and maintain appropriate safeguards that are intended to mitigate identified risks, address any shortcomings in our existing safeguards, and regularly check how well our safeguards work. Our information technology (“IT”) department is primarily responsible for evaluating, overseeing, and handling our cybersecurity risks to manage the process of risk assessment and mitigation. We have established a cross-functional IT Security Steering Committee that oversees the management of our cybersecurity risks and execution of any mitigation efforts.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|The audit committee, which is comprised solely of independent directors, has been designated by our board of directors to oversee cybersecurity risks.
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|
The IT Security Steering Committee, which is in charge of our cybersecurity policies and procedures, including the ones discussed in “Risk Management and Strategy” above, is led by our Chief Financial Officer, who has nine years of senior leadership experience at public biotechnology companies, including six years with 89bio. The IT Security Steering committee also includes our Director of IT, who is an experienced Information Technology professional and has over 20 years of experience managing information technology, of which more than 10 years pertain to cybersecurity related experience.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our information technology (“IT”) department is primarily responsible for evaluating, overseeing, and handling our cybersecurity risks to manage the process of risk assessment and mitigation.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef