To more effectively protect against, detect and respond to cybersecurity threats, the Company maintains a cybersecurity risk management program, which is supervised by our EVP Artificial Intelligence and Information Systems, whose team is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, architecture and processes. The Company’s EVP Artificial Intelligence and Information Systems and his team possess expertise with cybersecurity, as demonstrated by prior work experience. The Company has designed its cybersecurity program based on the COBIT 2019 framework (and other certain industry standards) with the aim of protecting our networks, applications and systems and the confidentiality of sensitive information maintained as part of our business operations as well as securing our resources against cybersecurity threats. A breach, compromise or other security incident involving such information and resources could have a material impact on the Company’s operations.

The goal of our cybersecurity program is to design, implement and maintain effective operational risk techniques and strategies, protect intellectual property and other proprietary and sensitive information, including personal information, minimize operational and fraud losses, and enhance our overall performance. As part of our cybersecurity program, we utilize security monitoring capabilities that alert us of suspicious activity, supported by an incident response program that is designed to support our ability to restore critical business operations in a controlled and step-wise manner. The Company also has procedures for evaluating the privacy, data protection and information security practices of our third-party service providers that provide us with IT services or that otherwise have access to our systems or our confidential or sensitive data. Additionally, we continually evaluate our internal systems, processes and controls to

identify potential vulnerabilities, mitigate potential loss from cyber-attacks and also engage third-party security experts for risk assessment and system enhancements.

Furthermore, our cybersecurity program is focused on companywide awareness geared toward enabling our employees and other key personnel to effectively handle the ever-increasing threat vectors such as phishing and other sophisticated social engineering attacks. Our management takes the position that cybersecurity is owned companywide as a collective team, not just by the EVP Artificial Intelligence and Information Systems. Our security awareness program focuses on improving awareness through training, including realistic phishing simulation campaigns. Our key areas of focus in 2026 and beyond will include requiring further training for employees that fail simulated phishing campaigns and encouraging our employees to report any suspicious activity they encounter.

The goal of our cybersecurity program is to design, implement and maintain effective operational risk techniques and strategies, protect intellectual property and other proprietary and sensitive information, including personal information, minimize operational and fraud losses, and enhance our overall performance. As part of our cybersecurity program, we utilize security monitoring capabilities that alert us of suspicious activity, supported by an incident response program that is designed to support our ability to restore critical business operations in a controlled and step-wise manner. The Company also has procedures for evaluating the privacy, data protection and information security practices of our third-party service providers that provide us with IT services or that otherwise have access to our systems or our confidential or sensitive data. Additionally, we continually evaluate our internal systems, processes and controls to

identify potential vulnerabilities, mitigate potential loss from cyber-attacks and also engage third-party security experts for risk assessment and system enhancements.

Furthermore, our cybersecurity program is focused on companywide awareness geared toward enabling our employees and other key personnel to effectively handle the ever-increasing threat vectors such as phishing and other sophisticated social engineering attacks. Our management takes the position that cybersecurity is owned companywide as a collective team, not just by the EVP Artificial Intelligence and Information Systems. Our security awareness program focuses on improving awareness through training, including realistic phishing simulation campaigns. Our key areas of focus in 2026 and beyond will include requiring further training for employees that fail simulated phishing campaigns and encouraging our employees to report any suspicious activity they encounter.

Our Board of Directors has overall oversight responsibility for our overall enterprise risk management, including cybersecurity risks and threats, and the EVP Artificial Intelligence and Information Systems reports to the Board of Directors at least annually on such cybersecurity risks or threats as well as current trends and developments within the cybersecurity landscape.

Our Board of Directors has overall oversight responsibility for our overall enterprise risk management, including cybersecurity risks and threats, and the EVP Artificial Intelligence and Information Systems reports to the Board of Directors at least annually on such cybersecurity risks or threats as well as current trends and developments within the cybersecurity landscape.