Risk Factors Dashboard

We are subject to various cyber and other security threats, including attempts to gain unauthorized access to sensitive information and networks; virtual and cyber threats to our directors, officers, and employees; and threats to the security of our infrastructure, digital assets, and operational systems. To mitigate the threats to our business, we take a comprehensive approach to cybersecurity risk management. Our Board and our management oversee our risk management program, including the management of cybersecurity risks. We have established policies, standards, processes, and practices for assessing, identifying, and managing material risks from cybersecurity threats, including those discussed in our Risk Factors, and have integrated these processes into our overall enterprise risk management (“ERM”) systems and processes.

We have devoted financial and personnel resources to implement and maintain security measures designed to address cybersecurity risks in a manner consistent with our size, operational complexity, and risk profile, and we intend to continue to make investments as may be required to maintain the security of our data and cybersecurity infrastructure. While we cannot guarantee complete effectiveness of our cybersecurity measures despite our best efforts and continuous monitoring, we believe that the Company’s sustained investment in people, processes, and technologies has contributed to a culture of continuous improvement that positions us to identify, assess, and respond to potential cybersecurity threats.

As of the date of this report, we are not aware of any cybersecurity threats or incidents, including as a result of any previous cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. We can provide no assurance that there will not be incidents in the future or that past or future cybersecurity incidents will not materially affect us, including our business strategy, results of operations, or financial condition. We can provide no assurance that there will not be incidents in the future or that past or future attacks will not materially affect us, including our business strategy, results of operations, or financial condition.

Risk Management and Strategy

Our cybersecurity risk management program (“Cybersecurity Program”) is designed and assessed by leveraging the National Institute of Standards and Technology Cybersecurity Framework (“NIST CSF”), customized to align with our entity size, risk profile, and industry best practices. This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use the NIST CSF as a reference framework to help identify, assess, and manage cybersecurity risks relevant to our business. This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use the NIST CSF as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business.

Our Cybersecurity Program is an integral part of our broader ERM framework and business continuity efforts. By incorporating cybersecurity into our overall risk assessment and management processes, we aim to address interconnected risks that could impact critical operations, systems, digital assets, and infrastructure. This alignment allows us to proactively evaluate and prioritize cybersecurity risks in the context of broader organizational objectives and resilience planning. This alignment allows us to proactively evaluate and prioritize cybersecurity risks in the context of broader organizational objectives and resilience planning, ensuring a comprehensive approach to safeguarding the Company’s infrastructure and stakeholders.

The key objectives of our Cybersecurity Program are to implement and sustain effective security controls designed to prevent unauthorized access to digital assets, systems and data, and to maintain and continuously improve our ability to detect, respond to, and recover from cybersecurity incidents. Success in achieving these objectives relies upon using appropriate technology solutions, cultivating and maintaining skilled personnel (including external specialists, as appropriate), and continuously improving policies and procedures. Success in achieving these objectives relies upon using quality technology solutions, cultivating and maintaining a team of skilled professionals, and continuously improving processes.

Our Cybersecurity Program focuses on the following key areas:

Risk Assessment

We conduct periodic cybersecurity risk assessments to identify reasonably foreseeable internal and external cybersecurity threats, including assessments conducted in connection with material changes to our business operations, systems, or third-party relationships. These risk assessments evaluate, among other things, the potential likelihood and magnitude of harm from such risks, including potential impacts on our operations, financial condition, reputation, digital assets, and business strategy, as well as the effectiveness of existing controls and safeguards.

Risk assessments consider information from internal stakeholders, known security vulnerabilities, threat intelligence, reported incidents affecting other companies in our industry, and information obtained from third parties and external advisors, as appropriate. The results of these assessments are used to inform enhancements to our cybersecurity controls, operational processes, and broader Company-wide risk management activities, which are periodically reported to management and the Audit Committee. The results of our assessments are used to develop initiatives to enhance our security controls, make recommendations to improve processes, and inform a broader Company-wide risk assessment that is then periodically reported to our Board and Audit Committee.

Technical Safeguards

We assess and deploy technical safeguards designed to protect our information systems, infrastructure, and digital assets from cybersecurity threats. These safeguards are evaluated and updated based on vulnerability assessments, threat intelligence, and lessons learned from cybersecurity events and incident response activities.

Incident Response and Recovery Planning

We maintain a cybersecurity incident response and recovery plan designed to guide our response to cybersecurity incidents. The plan provides a structured framework for incident identification, containment, investigation, remediation, and recovery, and includes defined escalation and communication protocols. In the event of a cybersecurity incident, management evaluates the incident to determine its severity and potential impact, including whether the incident is reasonably likely to be material, based on both quantitative and qualitative factors.

Vendor and Third-Party Risk Management

We maintain a vendor risk management program designed to identify and mitigate cybersecurity risks associated with third-party service providers. Third-party providers are subject to cybersecurity risk assessments during onboarding, contract renewal, and upon the identification of elevated risk. These assessments may include questionnaires, management discussions, third-party intelligence, and review of available SOC reports or similar assurances. Cybersecurity incidents affecting third-party providers are evaluated for potential impact to the Company, as appropriate.

Education and Awareness

Our policies require employees and relevant third-party contractors to contribute to our cybersecurity efforts. We provide periodic cybersecurity and data protection awareness training and require the prompt reporting of suspicious activity or potential cybersecurity incidents to management.

Our senior management team, led by our Chief Financial Officer and Chief Technology Officer, is responsible for assessing and managing material risks from cybersecurity threats and for implementing the Company’s Cybersecurity Program. Management supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal or external security personnel, threat intelligence, reports generated by security tools, and information obtained from governmental, public, or private sources.

In the event of a cybersecurity incident, management evaluates the incident and, as appropriate, escalates matters to the Audit Committee and the Board. The Audit Committee receives periodic updates regarding cybersecurity risks, program effectiveness, and any material cybersecurity incidents. The Audit Committee also meets regularly with the Company’s independent registered public accounting firm and discusses cybersecurity risks relevant to financial reporting and internal controls, as appropriate.