Risk Management and Strategy

We regularly assess risks from cybersecurity threats, monitor our information systems for potential vulnerabilities and test those systems pursuant to our process. Our cybersecurity risk assessment is part of our overall risk management program. We also regularly engage outside consultants to assess, identify and manage material risks from cybersecurity threats, including those threats associated with our use of third-party service providers. These consultants recommend and help implement systems to protect against cybersecurity threats. Based on the information available as of the filing date of this Annual Report, we are not aware of any risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect our business strategy, results of operations or financial condition. However, despite our cybersecurity risk management processes, there can be no assurance that we, or the third parties with which we interact, will not experience a cybersecurity incident in the future that may materially affect us. Refer to the risk factor captioned “Increasing dependence on the continuous and reliable operation of our information technology systems” under PART I, ITEM 1A – RISK FACTORS for additional description of cybersecurity risks and potential related impacts on the Company.

Governance

Our Board of Directors has overall oversight responsibility with respect to our approach to risk management, including risks relating to cybersecurity. Although the Board of Directors has the ultimate responsibility for risk oversight, our management team, including our President and CEO, has operational responsibility for cybersecurity matters, including the day-to-day management of our cybersecurity risks, and oversees processes for the prevention, detection, mitigation and remediation of any cybersecurity incidents. While our management team does not have cybersecurity expertise, we coordinate with expert consultants to assess and manage risks. Our Board of Directors reviews cybersecurity threats and risk controls at quarterly meetings based on information provided by management and outside consultants.