Not applicable to smaller reporting companies.

Item 1B. Unresolved Staff Comments.

None

Item 1C. Cybersecurity

We believe cybersecurity is critical importance to our success. We are susceptible to a number of significant and persistent cybersecurity threats, including those common to most industries as well as those we face as a retailer, operating in an industry characterized by a high volume of customer transactions and collection of sensitive data. These threats, which are constantly evolving, include data breaches, ransomware, and phishing attacks. We, and our vendors and suppliers, regularly face attempts by malicious actors to breach our security and compromise our information technology systems. A cybersecurity incident impacting us or any vendor or supplier could significantly disrupt our operations and result in damage to our reputation, costly litigation and/or government enforcement action. Accordingly, we are committed to maintaining robust cybersecurity and data protection and continuously evaluate the impact of cybersecurity threats, considering both immediate and potential long-term effects of these threats on our business strategy, operations, and financial condition.

Under the oversight of our Board of Directors, our management has established comprehensive processes for identifying, assessing and managing material risks from cybersecurity threats, and these processes are integrated into our overall enterprise risk management program. Our approach is proactive and adaptive, featuring regular security assessments, third-party audits, team member training, and continuous improvement of our cybersecurity infrastructure. We work to align our practices with industry best practices and regulatory standards. Our processes include detailed response procedures to be followed in the event of a cybersecurity incident, which outline steps to be followed from detection to assessment to notification and recovery, including internal notifications to management, the risk committee and the Board, as appropriate.

Members of management, including our Chief Operating Officer, provide the Board updates on cybersecurity risk matters on a quarterly basis and more frequently if circumstances dictate. In these updates, members of the Board apprised of cybersecurity incidents that are deemed to have had a moderate or higher impact even if immaterial to us. In addition, management regularly discusses with among themselves the risks related to cybersecurity and critical systems in order to provide input on the appropriate level of risk for our company and reviews management’s strategies for adequately mitigating and managing the identified risks. Management regularly update our full Board with respect to cybersecurity matters.

Our Chief Operating Officer is primarily responsible for managing material risks from cybersecurity threats, and is supported by third party cybersecurity specialists. Management participates in periodic training and education on cybersecurity related topics. We engage specialized cybersecurity consultants and leverage third-party expertise to bolster our cybersecurity defenses. Our enterprise risk management program is designed to identify, prioritize and assess a broad range of risks, including risks from cybersecurity threats, that may affect our ability to execute our corporate strategy and fulfill our business objectives.

The following is a list of measures that were implemented as part of our increased focus on cybersecurity:

In addition, our third-party vendors and service providers play a role in our cybersecurity. These third parties are integral to our operations but pose cybersecurity challenges due to their access to our data and our reliance for various aspects of our operations, including our supply chain. We conduct due diligence before onboarding new vendors and maintain ongoing evaluations to ensure compliance with our security standards.

As of the date of this report, no cybersecurity incidents have had, either individually or in the aggregate, a material adverse effect on our business, financial condition or results of operations. Notwithstanding the extensive approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
EAWD	11 hours ago
ARAT	11 hours ago
IONM	12 hours ago
NHWK	12 hours ago
GBBK	12 hours ago
APOG	14 hours ago
FWAV	15 hours ago
JRSS	16 hours ago
PPIH	19 hours ago
WAVS	1 day, 9 hours ago
GBNH	1 day, 10 hours ago
ACCD	1 day, 11 hours ago
EFSH	1 day, 12 hours ago
RFAC	1 day, 12 hours ago
GXXM	1 day, 16 hours ago
PGY	1 day, 20 hours ago
KPLT	2 days, 12 hours ago
MSB	2 days, 12 hours ago
MMMB	2 days, 12 hours ago
LVPA	2 days, 14 hours ago
HELE	2 days, 21 hours ago
RILY	3 days, 7 hours ago
BHAC	3 days, 12 hours ago
STZ	3 days, 16 hours ago
ARMT	3 days, 20 hours ago
ARMT	3 days, 20 hours ago
RCFA	4 days, 8 hours ago
FSR	4 days, 10 hours ago
TPIA	4 days, 11 hours ago
MEDS	4 days, 11 hours ago
PVNC	4 days, 11 hours ago
CDTX	4 days, 11 hours ago
ENCP	4 days, 12 hours ago
ACI	4 days, 20 hours ago
AZZ	4 days, 22 hours ago
DGWR	4 days, 22 hours ago
AURX	1 week ago
CIRX	1 week ago
GTCH	1 week ago
HWNI	1 week ago
CSSE	1 week ago
WNLV	1 week ago
RBTK	2 weeks ago
BTTR	2 weeks ago
ROYL	2 weeks ago
VIRC	2 weeks ago
SCS	2 weeks ago
DHAC	2 weeks ago
ALOT	2 weeks ago
NUBI	2 weeks ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard