The Company employs a cybersecurity policy which it believes is appropriate for the potential of cybersecurity threats faced by it. The Company does not have possession of personally identifiable patient information from its clinical trials, nor does it have information with respect to third party credit or banking information. Accordingly, the threat is limited to disruption of ordinary business operations. The Company’s information systems and maintenance are delegated to independent information technology and cybersecurity consultants, with at least 10 years of experience advising similarly situated companies on information technology and cybersecurity risk management, who report to the Company’s Chief Financial Officer, who reports in turn directly to the Board of Directors and the Audit Committee, which is the principal committee charged with the Board’s risk management oversite. The Company has never been affected by cybersecurity incidents.

The Company’s information systems employ storage and recovery services from various third parties, including Microsoft, as its cloud service providers, which provides an additional level of protection from cybersecurity threats.