Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

We believe cybersecurity is fundamental to our operations and are committed to maintaining robust governance and oversight of cybersecurity risks. We implement comprehensive processes to identify, assess, and manage material risks from cybersecurity threats as part of our broader risk management framework.

Cybersecurity Risk Management and Strategy

Our cybersecurity strategy prioritizes detection, analysis, and response to known, anticipated, or unexpected threats; effective management of security risks; and resilience against incidents. With the evolving cybersecurity landscape, our senior management and board of directors allocate significant resources to cybersecurity risk management, supported by advanced technologies and processes. We assess the impact of cybersecurity threats on our business—strategic direction, operational performance, and financial stability—using insights from known incidents in the shipping industry.

We have implemented risk-based processes, including access controls, data encryption, and regular cybersecurity training for employees. These are designed to evaluate vulnerabilities and threats, minimizing their impact on our operations and stakeholders. Our IT security services are provided by an ISO 27001-certified third-party vendor. We also oversee risks from third-party providers we depend on, conducting due diligence to assess their cybersecurity measures and compliance with regulatory requirements.

Data Privacy and Safety

We have comprehensive procedures to ensure data security, employing encryption and firewalls to prevent and detect risks. Confidential data is stored and transmitted encrypted on separate servers, with regular backups. We prohibit unauthorized third-party access to our data and periodically test our systems to address security and privacy risks.

Governance

Our board of directors oversees cybersecurity risks and incidents, including disclosure compliance and law enforcement cooperation, as we lack a dedicated cybersecurity committee. Senior management regularly discusses cyber risks with the board and reports material incidents. We consult outside counsel on materiality and disclosure matters, with the board making final decisions. Our external IT provider’s cybersecurity auditing team independently tests our controls.

Key Elements of Our Approach

1.

Continuous monitoring of cybersecurity threats using data analytics and network systems.

2.

Engagement of third-party consultants to assess vulnerabilities in our security systems.

3.

Materiality assessment of incidents by senior management and the board, with external input as needed.

4.

Board oversight of cybersecurity risks and disclosure compliance.

5.

Training—We maintain cybersecurity policies and provide periodic employee training to ensure compliance and risk reporting.

Investment and Impact

We continue to invest in cybersecurity systems and controls. Our operations and financial condition have not been materially affected by cybersecurity threats or past incidents, but future risks could have an impact. While we dedicate resources to managing these risks, our efforts may not fully prevent or remediate incidents, potentially affecting our business, reputation, and financial condition.

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

Our board of directors oversees cybersecurity risks and incidents, including disclosure compliance and law enforcement cooperation, as we lack a dedicated cybersecurity committee.

Cybersecurity Risk Management Third Party Engaged [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]

false