Risk Management and Strategy

Safeguarding the Company’s information systems, assets, data, intellectual property and network infrastructure and ensuring that risks related to cybersecurity threats are appropriately managed is essential to maintaining a consistently high level of confidentiality, integrity and availability of our information systems; and the trust of our stakeholders, as well as meeting applicable regulatory requirements. We have implemented a multi-faceted cybersecurity risk management framework, which is integrated in our overall enterprise risk management system and processes.

Our cybersecurity team is tasked with assessing, identifying and managing risks related to cybersecurity threats and, is responsible for:

We also use third - party service providers to perform a variety of functions throughout our business such as hosting companies and contract research organizations. We manage cybersecurity risks associated with our use of these providers using several approaches, as deemed necessary, including security questionnaires, review of compliance reports, audits and the imposition of information security contractual obligations on vendors.

For a description of the risks from cybersecurity threats that may materially affect us and how they may do so, see our risk factors under Item 3.D “Risk Factors” in this Annual Report on Form 20 - F.

Role of Management

Our chief information officer leads management’s assessment, identification and management of risks related to cybersecurity threats and reports directly to our Chief Executive Officer. The chief information officer receives regular briefings on cybersecurity matters including results of vulnerability testing and remediation, cyber incident response and progress on cybersecurity infrastructure initiatives.

Safeguarding the Company’s information systems, assets, data, intellectual property and network infrastructure and ensuring that risks related to cybersecurity threats are appropriately managed is essential to maintaining a consistently high level of confidentiality, integrity and availability of our information systems; and the trust of our stakeholders, as well as meeting applicable regulatory requirements. We have implemented a multi-faceted cybersecurity risk management framework, which is integrated in our overall enterprise risk management system and processes.

Our cybersecurity team is tasked with assessing, identifying and managing risks related to cybersecurity threats and, is responsible for:

We also use third - party service providers to perform a variety of functions throughout our business such as hosting companies and contract research organizations. We manage cybersecurity risks associated with our use of these providers using several approaches, as deemed necessary, including security questionnaires, review of compliance reports, audits and the imposition of information security contractual obligations on vendors.

Our Board recognizes the importance of robust cybersecurity management programs and is actively engaged in overseeing and reviewing the Company’s cybersecurity risk profile and exposures.

The responsibilities of the Board include reviewing the cybersecurity threat landscape facing the Company, as well as our strategy, policies and procedures to mitigate cybersecurity risks and any significant cybersecurity incidents. The Board also considers the impact of emerging cybersecurity developments and regulations that may affect the Company.

The Board meets periodically with relevant members of management, who provide reports on cybersecurity matters including, among others: recent external cybersecurity threats and attack trends; updates to threat monitoring processes; the composition of our cybersecurity team; cybersecurity awareness training and stress testing; cybersecurity strategy; cybersecurity metrics, assessments and peer ratings; and cybersecurity programs. The Board has also directed management to be informed promptly and of any investigation of a material cybersecurity incident. The Board may, from time to time, engage third party advisors and experts, and meet with the Company’s external advisors on cybersecurity matters, as appropriate.

The Board meets periodically with relevant members of management, who provide reports on cybersecurity matters including, among others: recent external cybersecurity threats and attack trends; updates to threat monitoring processes; the composition of our cybersecurity team; cybersecurity awareness training and stress testing; cybersecurity strategy; cybersecurity metrics, assessments and peer ratings; and cybersecurity programs. The Board has also directed management to be informed promptly and of any investigation of a material cybersecurity incident. The Board may, from time to time, engage third party advisors and experts, and meet with the Company’s external advisors on cybersecurity matters, as appropriate.