We operate in the biotechnology sector, which is subject to various cybersecurity risks that could adversely affect our business. We recognize the critical importance of developing, implementing, and maintaining cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data. We currently have security measures in place to protect and prevent data loss and other security breaches, including a cybersecurity risk assessment program. Our network infrastructure was designed with cybersecurity in mind, incorporating a range of critical components such as firewalls, intrusion detection and prevention systems, virtual private networks (VPNs), and secure Wi-Fi access points. Additionally, strong authentication mechanisms, encryption protocols, and robust monitoring tools are essential elements for ensuring a secure network infrastructure. These components work together to protect against unauthorized access, data breaches, malware attacks, and other cybersecurity threats.

Our current cybersecurity risk assessment program consists of routine evaluations of our network infrastructure, penetration testing and continuous monitoring of security controls and threats. The program outlines governance, policies and procedures, and technology we use to oversee and identify risks from cybersecurity threats and is informed by previous cybersecurity incidents we have observed within the Company.

Our COO and Quality Unit Manager are responsible for day-to-day assessment and management of risks from cybersecurity threats, including the prevention, mitigation, detection, and remediation of cybersecurity incidents. Our COO is experienced in operating a company which offers cybersecurity services. Our COO and Quality Unit Manager are informed of cybersecurity risks or incidents by our IT manager who regularly monitors our systems to detect cybersecurity incidents or risks.

The Board of Directors is responsible for oversight of risks from cybersecurity threats in conjunction with management. The Board of Directors receives reports and updates from management with respect to the management of risks from cybersecurity threats. Such reports cover the Company’s information technology security program, including its current status, capabilities, objectives and plans, as well as the evolving cybersecurity threat landscape. The Board of Directors takes into consideration such reports and updates into its overall risk assessment of the Company.

We leverage the advice of third-party consultants to help us assess and identify risks from cybersecurity threats, including the threat of a cybersecurity incident, and manage our risk assessment program. Among other things, these third-party consultants conduct security audits, penetration testing, and vulnerability assessments to evaluate the strength of our defenses. They also offer expertise in regulatory compliance, helping us ensure that our security measures align with industry standards and legal requirements. Additionally, they provide ongoing monitoring and analysis of emerging threats, allowing us to proactively adapt and strengthen our cybersecurity posture.¹

We also have policies and procedures to oversee and identify the risks from cybersecurity threats associated with our use of third-party service providers. When engaging with vendors or partners, we prioritize those who demonstrate robust cybersecurity measures and a strong commitment to protecting sensitive data. To mitigate risks associated with third-party providers, we incorporate specific cybersecurity requirements into contracts and service level agreements. These agreements outline expectations regarding data protection, access controls, incident reporting, and compliance monitoring. Furthermore, we implement other mechanisms to enhance security when working with third-party providers, including implementing two-factor authentication. By implementing these measures, we aim to minimize the cybersecurity risks associated with third-party service providers and ensure the protection of our organization's assets and data.

To date, no cybersecurity incident (or aggregation of incidents) or cybersecurity threat has materially affected our results of operations or financial condition. For information on how a cybersecurity threat might affect us, see also Item 3D. Risk Factors – General Risk Factors.

To date, no cybersecurity incident (or aggregation of incidents) or cybersecurity threat has materially affected our results of operations or financial condition. For information on how a cybersecurity threat might affect us, see also Item 3D. Risk Factors – General Risk Factors.

The Board of Directors is responsible for oversight of risks from cybersecurity threats in conjunction with management. The Board of Directors receives reports and updates from management with respect to the management of risks from cybersecurity threats. Such reports cover the Company’s information technology security program, including its current status, capabilities, objectives and plans, as well as the evolving cybersecurity threat landscape. The Board of Directors takes into consideration such reports and updates into its overall risk assessment of the Company.