Risk Management and Strategy

Our business model does not heavily rely on third-party software or services, particularly those that are directly integrated into our products or operations. This reduces our dependency on external technology and lessens the potential impact of cybersecurity breaches or disruptions originating from these third-party entities. Additionally, our emphasis on physical retail shops and warehouses provides an inherent buffer against cyberattacks. Currently, we only receive a small number of inquiries via our website at www.rectitude.com.sg. Sales to end users through e-commerce platforms such as Shopee and Lazada are also minimal, total amounting only to S$10,703 (US$7,960), S$26,003 and S$17,085 for the financial years ended March 31, 2025, 2024, and 2023, respectively, with sales via our physical stores and through third party vendors accounting for the rest of our sales. While data breaches and operational disruptions can still occur, the physical presence of our business allows for alternative methods of product distribution and customer service, reducing the overall impact of cybersecurity related incidents on our operations. Despite our perception of the lower risk of cybersecurity related incidents materially affecting our operations, we plan to prioritize the implementation of cybersecurity measures to maintain a secure and reliable business environment. For example, we plan to (i) conduct more rigorous assessments of potential suppliers’ cybersecurity practices, including penetration testing and vulnerability assessments; (ii) incorporate cybersecurity clauses into our business contracts; (iii) include specific security requirements and data protection protocols in our vendor contracts to ensure consistent cybersecurity standards across our supply chain; (iv) educate our employees on cybersecurity threats by providing training for employees to recognize and report phishing attempts, social engineering tactics, and other cyber threats; and (v) implement cybersecurity awareness tools and simulations to test employees’ knowledge and response to potential threats. By implementing these measures, we hope that our ability to respond to and recover from any eventual cybersecurity incidents will be enhanced.