Risk Management

We work with a third-party vendor, which has extensive cybersecurity expertise to help protect and defend against cybersecurity threats. This vendor has advised us on material cybersecurity-related risks and is helping us establish controls designed to protect, detect, respond to, and recover from cybersecurity incidents. These controls include firewall protection, antivirus software protection, two-factor authentication enforced on all endpoints including Windows PCs and laptops, and intrusion prevention software designed to automatically block any unauthorized access attempts on our servers. Our cybersecurity controls are embedded within our overall risk management processes and technology, including a 24/7 threat monitoring system provided by the vendor.

Governance

The audit committee of our board of directors is responsible for oversight of the Company’s cybersecurity and other information technology risks, controls and procedures, including the Company’s plans to mitigate cybersecurity risks and to respond to data breaches. The board receives and provides feedback on regular updates from management, including from the Company’s Chief Financial Officer, regarding the status of projects to strengthen internal cybersecurity, results from third-party assessments, and also discusses recent incidents at other companies and the emerging threat landscape. Our Chief Financial Officer is informed about and monitors the prevention, and detection of cybersecurity incidents, with the support of our third-party cybersecurity vendor.

As of the date of this Report, we are not aware of any cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition. However, the sophistication of cyber threats continues to increase, and the preventative actions we take to reduce the risk of cyber incidents and protect our systems and information may be insufficient. Accordingly, no matter how well our controls are designed or implemented, we will not be able to anticipate all security breaches, and we may not be able to implement effective preventive measures against such security breaches in a timely manner.