WhiteHorse Finance, Inc. (the “Company,” “we,” “us,” or “our”) maintains structured processes to proactively assess, identify, manage, and mitigate material risks from cybersecurity threats. The Company’s business remains dependent on the communications and information systems of WhiteHorse Advisers, LLC (the “Investment Adviser”) and other third-party service providers. The Investment Adviser manages the Company’s day-to-day operations and has implemented a cybersecurity program that applies to the Company and its operations and is subject to periodic updates, reviews, and independent assessments.

Cybersecurity Program Overview

The Investment Adviser has instituted a cybersecurity program designed to identify, assess, and manage cyber risks applicable to the Company. The program is aligned with the NIST CSF 2.0 framework, providing a structured approach to identify, protect against, detect, respond to, and recover from cybersecurity threats. The cyber risk management program involves risk assessments, implementation of security measures, and ongoing monitoring of systems and networks, including networks on which the Company relies. In addition, the Investment Adviser actively monitors the current threat landscape to identify material risks arising from new and evolving cybersecurity threats, including material risks faced by the Company.

The Company relies on the Investment Adviser to engage external experts, including cybersecurity assessors, consultants, and auditors, to evaluate cybersecurity measures and risk management processes, including those applicable to the Company. The Company relies on the Investment Adviser’s risk management program and processes, which include cyber risk assessments.

The Company depends on and engages various third parties, including suppliers, vendors, and service providers, to operate its business. The Company, in coordination with the Investment Adviser’s risk management, legal, information technology, and compliance teams, conducts ongoing due diligence on third-party service providers (including contractual provisions and regular compliance attestations) to ensure they meet requisite cybersecurity standards. For critical vendors, the Company requires SOC 2 Type II reports or similar independent cybersecurity assessments. In lieu of these reports, vendors may provide compensating materials demonstrating the structure and management of their cybersecurity programs.

Cybersecurity Program Overview

The Investment Adviser has instituted a cybersecurity program designed to identify, assess, and manage cyber risks applicable to the Company. The program is aligned with the NIST CSF 2.0 framework, providing a structured approach to identify, protect against, detect, respond to, and recover from cybersecurity threats. The cyber risk management program involves risk assessments, implementation of security measures, and ongoing monitoring of systems and networks, including networks on which the Company relies. In addition, the Investment Adviser actively monitors the current threat landscape to identify material risks arising from new and evolving cybersecurity threats, including material risks faced by the Company.

The Company relies on the Investment Adviser to engage external experts, including cybersecurity assessors, consultants, and auditors, to evaluate cybersecurity measures and risk management processes, including those applicable to the Company. The Company relies on the Investment Adviser’s risk management program and processes, which include cyber risk assessments.

The Company depends on and engages various third parties, including suppliers, vendors, and service providers, to operate its business. The Company, in coordination with the Investment Adviser’s risk management, legal, information technology, and compliance teams, conducts ongoing due diligence on third-party service providers (including contractual provisions and regular compliance attestations) to ensure they meet requisite cybersecurity standards. For critical vendors, the Company requires SOC 2 Type II reports or similar independent cybersecurity assessments. In lieu of these reports, vendors may provide compensating materials demonstrating the structure and management of their cybersecurity programs.

The board of directors of the Company provides strategic oversight on cybersecurity matters, including risks associated with cybersecurity threats. The board of directors of the company receives periodic updates from the Chief Information Security Officer (“CISO”) of the Investment Adviser and Chief Compliance Officer (“CCO”) of the Company regarding the overall state of the Investment Adviser’s cybersecurity program, information on the current threat landscape, and briefing on material risks from cybersecurity threats and material cybersecurity incidents impacting the Company.

The board of directors of the Company are collectively responsible for oversight of cybersecurity matters and is updated at every Board meeting. In these updates, the Company’s management and the Investment Adviser’s CISO provide reports on key metrics such as vulnerability scan results, third-party risk assessments, and incident response readiness. The board of directors of the Company also ensures its members receive periodic training or engage external advisors with cybersecurity expertise to strengthen oversight capabilities.