Cybersecurity Risk Management and Governance

In response to the increasing threat of continuously evolving cybersecurity risks, we continue to invest in our information technology and operational technology cybersecurity processes. We maintain a data protection and cybersecurity risk management program based upon the National Institute of Standards and Technology (“NIST”) Cybersecurity framework to assess, identify and manage cybersecurity risks. As part of this program, we maintain defensive network perimeter safeguards, internal mitigation and control features, continuous system and network monitoring, and contingency data protection. The Company ensures regular data and system backups through planned schedules. We utilize local backups for quick recovery and off-site, off-line and physical backups to safeguard against disasters. Our cybersecurity program includes steps for assessing the severity of a cybersecurity threat, identifying the source of a cybersecurity threat including whether the cybersecurity threat is associated with a third-party service provider, implementing cybersecurity testing, detection, response, prevention and mitigation strategies. We also have a notification process for real-time escalation of material cyber incidents by members of our internal cybersecurity team to senior management, including our Chief Executive Officer, Chief Operating Officer, Chief Financial Officer, Corporate Controller, General Counsel and the Audit Committee of the Board of Directors. The Company’s information security team also engages third-party security consultants for penetration testing, training and system enhancements. Our Director of Information Technology is responsible for leading global cybersecurity risk reduction efforts and compliance.

The Audit Committee is responsible for oversight of our risk management with respect to information technology operations and cybersecurity and oversees risk management in the area of data privacy. As part of this process, the Audit Committee oversees the data protection and cybersecurity risk management program, which includes reviewing management’s risk assessments and the steps management has taken to monitor or mitigate our cybersecurity risk exposure. Management regularly provides data protection and cybersecurity reports to the Audit Committee, which include updates on cybersecurity initiatives, cybersecurity metrics and threat landscape.

Despite our efforts with respect to information technology operations, cybersecurity and data privacy, we have been, and may continue to be, impacted by breaches in data security and lapses in data privacy, which occur from time to time. During fiscal year 2024, the Company did not experience any cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition.