ITEM 1C. CYBERSECURITY

 

Risk Management and Strategy

 

The Company’s cybersecurity program has direct involvement from senior management and all employees. Our business operations and relationships with our customers are reliant on technology, and any failure or disruption in our technological systems could have significant negative impacts on our business.

 

We monitor our information systems for cybersecurity incidents, assess and identify any perceived risks and/or vulnerabilities, and escalate incidents according to Company procedures. Incidents classified to a level that may significantly impact the Company are escalated to senior management for monitoring and action if necessary.

 

Each operating segment oversees and manages their own risk monitoring and mitigation processes in order to ensure segment-specific risks are properly identified and addressed. Operating segments regularly collaborate to facilitate the risk monitoring and mitigation processes and to ensure the policies and procedures for our information security program are integrated into our overall risk management assessment.

 

Governance

 

Our executive officers report material cybersecurity incidents to the Board of Directors. Management provides cyber related legal, regulatory, compliance, risk, and relevant industry and internal threat updates to the Board of Directors as needed. The updates provide information regarding the state of the Company’s information security program, the nature, timing and extent of cybersecurity incidents, if any, and the Company’s resolution to such matters.