Cybersecurity risk considerations are addressed through management’s oversight of information technology operations and periodic risk assessment activities. Cybersecurity risk assessments are performed at least annually, often in connection with renewing the Company’s cybersecurity insurance coverage and may be discussed with the Board of Directors as circumstances warrant.

Processes for Assessing, Identifying, and Managing Material Cybersecurity Risks and Incidents

Our cybersecurity program includes processes designed to assess, identify, and manage cybersecurity events, including events that could be material. These processes include: (i) monitoring and detection activities using a combination of manual oversight and automated tools and third-party services; (ii) procedures to assess the nature, scope, and potential impact of identified events; (iii) escalation protocols to communicate relevant matters to senior management and, as appropriate, the Board of Directors; and (iv) incident response procedures intended to support containment, eradication, recovery, and communications to appropriate stakeholders. The Company maintains an incident response plan as part of its overall IT policies and conducts periodic testing of its incident response processes through activities such as simulated phishing exercises and tabletop-style testing.

In connection with incident escalation, if management determines that a cybersecurity incident is material, the incident would be escalated to executive management and the Board and, if required, the Company would make timely public disclosure in accordance with applicable regulatory requirements and the Company’s disclosure policies.

Integration with Overall Risk Management

Cybersecurity risk management is integrated into the Company’s overall risk management activities through management’s ongoing oversight of IT operations, periodic cybersecurity risk assessments (including those performed in connection with cybersecurity insurance renewals), and consideration of cybersecurity risks in connection with changes in the Company’s operating environment and reliance on third-party systems.

Use of Third Parties and Third-Party Risk Management

We use third-party service providers to support key functions, including cloud-based enterprise systems and other hosted platforms used in our operations. We perform due diligence in selecting critical service providers and review available SOC reports or other security attestations where applicable. While we have not implemented a formal third-party IT vendor risk management framework, management relies on contractual commitments, available third-party attestations, and oversight by our outsourced IT service provider to help identify and manage cybersecurity risks associated with these providers.

The Board of Directors provides oversight of cybersecurity risk as part of its broader risk oversight responsibilities. The Board has not designated a separate committee or subcommittee specifically responsible for cybersecurity oversight. Management may provide updates to the Board regarding cybersecurity risk assessments, significant cybersecurity risk areas, and incident matters as circumstances warrant, including following significant incidents or material changes in the Company’s risk profile.

Management’s Role and Relevant Expertise

Senior management is responsible for oversight of the Company’s cybersecurity risk management program and coordination with third-party service providers supporting information technology and cybersecurity functions. The Chief Administrative Officer supports cybersecurity oversight through administration of key IT-related processes, including coordinating access provisioning requests and employee onboarding acknowledgements of cybersecurity and acceptable use policies, and working with the outsourced IT service provider and senior management on security-related matters.

Material Impacts of Cybersecurity Risks and Incidents

The Company has not identified any cybersecurity incidents that have materially affected, or are reasonably likely to materially affect, the Company’s business strategy, results of operations, or financial condition.