Risk Management and Strategy

The Company has initiated a cybersecurity risk management program designed to assess, identify, and manage material risks from cybersecurity threats. This program is integrated into the Company’s overall enterprise risk management processes and is intended to protect the confidentiality, integrity, and availability of the Company’s information systems and data.

The Company’s cybersecurity risk management processes include, among other things:

Cybersecurity risks are considered a part of the Company’s overall risk management processes. Management evaluates cybersecurity risks in the context of the Company’s business operations, strategy, and financial condition, and incorporates such risks into decision-making processes where appropriate.

The Company’s reliance on information technology systems and third-party service providers exposes it to cybersecurity risks, including risks arising from unauthorized access, ransomware, system disruption, and human error. While the Company has implemented measures designed to mitigate these risks, there can be no assurance that such measures will be effective in preventing cybersecurity incidents. Furthermore, in connection with the preparation of our consolidated financial statements for the years ended December 31, 2025 and 2024, we identified material weaknesses in our internal control over financial reporting related in part to IT general controls. For additional information, see “Material Weaknesses in Internal Control over Financial Reporting” in Item 9A of this Annual Report.

Despite our efforts to implement security safeguards, we have experienced incidents; however, the Company is not aware of having experienced any cybersecurity incidents that have materially affected, or are reasonably likely to materially affect, its business strategy, results of operations, or financial condition. However, the Company may experience cybersecurity incidents in the future that could have a material adverse effect on its business, prospects, results of operations, and financial condition. For additional information, see “Risk Factors” in Item 1A of this Annual Report.

Governance

The Audit Committee of the Company’s board of directors oversees the Company’s cybersecurity risk management as part of its broader risk oversight responsibilities pursuant to its charter. The Audit Committee is responsible for reviewing risks related to information technology and cybersecurity to the extent such risks could materially impact the Company’s financial statements, internal controls, or disclosure obligations.

The Audit Committee receives regular reports from management regarding the Company’s cybersecurity risk profile, including updates on cybersecurity threats, risk assessments, and the Company’s efforts to prevent, detect, and respond to cybersecurity incidents. The Audit Committee also reviews management’s processes for identifying, assessing, and managing cybersecurity risks. Significant cybersecurity incidents and related developments are escalated to the Audit Committee and, where appropriate, to the full board of directors.

The Company’s cybersecurity risk management program is led by its Senior Digital Systems Manager, who is responsible for overseeing the Company’s information technology systems and managing cybersecurity risk in coordination with third-party managed security service providers. The Senior Digital Systems Manager has more than 20 years of experience in information technology systems administration and cybersecurity practices, including network security, system access controls, and incident response. The Senior Digital Systems Manager has held a variety of leadership positions in enterprise systems, digital transformation, and information security at The Arcticom Group and Econolite, including roles involving the implementation of security governance frameworks, role-based access controls, and incident response processes in support of regulatory compliance and operational resilience.

The Senior Digital Systems Manager is responsible for implementing and maintaining the Company’s cybersecurity program and for monitoring cybersecurity risks and incidents through ongoing system oversight, including the use of security tools, system alerts, and periodic assessments. The Company may also engage third-party service providers, including cybersecurity consultants, to assist in monitoring and managing cybersecurity risks.

Cybersecurity matters are communicated to senior management, including the Company’s Chief Executive Officer and Chief Financial Officer, on an ongoing basis. Senior management provides updates to the Audit Committee on a periodic basis and as needed. The Company maintains incident response procedures that include escalation protocols designed to ensure that significant cybersecurity incidents are promptly reported to senior management and the Audit Committee to support timely decision-making and disclosure, as appropriate.

The Audit Committee of the Company’s board of directors oversees the Company’s cybersecurity risk management as part of its broader risk oversight responsibilities pursuant to its charter. The Audit Committee is responsible for reviewing risks related to information technology and cybersecurity to the extent such risks could materially impact the Company’s financial statements, internal controls, or disclosure obligations.

The Audit Committee receives regular reports from management regarding the Company’s cybersecurity risk profile, including updates on cybersecurity threats, risk assessments, and the Company’s efforts to prevent, detect, and respond to cybersecurity incidents. The Audit Committee also reviews management’s processes for identifying, assessing, and managing cybersecurity risks. Significant cybersecurity incidents and related developments are escalated to the Audit Committee and, where appropriate, to the full board of directors.