Cybersecurity Risk Management and Strategy

We operate in an industry subject to various cybersecurity risks that could adversely affect our business, financial condition, and results of operations, including intellectual property theft; fraud; extortion; harm to employees or partners; violation of privacy laws and other litigation and legal risk; and reputational risk. We have initiated a risk-based approach designed to identify and assess the cybersecurity threats that could affect our business and information systems. Our strategy is to maintain a high level of risk awareness, identify critical IT assets, regularly update or replace those assets, and systematically perform vulnerability testing, and to promptly remediate deficiencies. Our cybersecurity program is aligned with industry standards and best practices, such as the National Institute of Standards and Technology ("NIST") Cybersecurity Framework and Cybersecurity and Infrastructure Security Agency ("CISA") best practices.

We are adopting various tools and methodologies to manage cybersecurity risk that will be tested on a regular cadence. We are also in the process of monitoring and evaluating our cybersecurity posture and performance on an ongoing basis through scheduled vulnerability scans, penetration tests and threat intelligence feeds. We may require third-party service providers and consultants with access to personal, confidential or proprietary information to implement and maintain comprehensive cybersecurity practices consistent with applicable legal standards and industry best practices.

There can be no assurance that our cybersecurity risk management program, including our controls, procedures and processes, will be fully complied with or that our program will be fully effective in protecting the confidentiality, integrity and availability of our information systems, product and network. No risks from cybersecurity threats or previous cybersecurity incidents have materially affected, or are reasonably likely to materially affect, our business strategy, financial condition or results of operations. However, there can be no assurance that the controls and procedures in place to monitor and mitigate the risks of cyber threats will be successful or sufficient to avoid material losses or consequences in the future.

The Company is currently in the process of implementing a more formalized cybersecurity program.

Governance

Our cybersecurity risk management and processes are led by our Vice President, Finance and Administration, with support of management, internal personnel and third-party providers. While management is responsible for the day-to-day management of cybersecurity risks, our Board of Directors, through its Audit Committee, has oversight of the Company's processes, policies and procedures for assessing, identifying, and managing material risks from cybersecurity threats including the integration and establishment of cybersecurity processes into the Company's overall risk management system or processes. On a quarterly basis, our VP Finance and Administration, presents necessary updates on our cybersecurity and other information technology risks that may affect us.