ITEM 1C. Cybersecurity

RISK MANAGEMENT AND STRATEGY

Eagle continues to make cybersecurity a priority as the threat landscape evolves and becomes increasingly complex and sophisticated.

Managing Material Risks and Integrated Overall Risk Management

We have strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cyber risk awareness. Our Director of Information Security (DIS), under the direction of our Chief Financial Officer (CFO), continuously evaluates and addresses cyber risks in alignment with business objectives, operational needs, and industry-accepted standards, such as National Institute of Standards and Technology frameworks.

The Company has processes and procedures in place intended to prevent, detect, mitigate, and remediate cybersecurity risks. These include but are not limited to:

Engaging Third Parties on Risk Management

Recognizing the complexity and evolving nature of cybersecurity risk, we engage with a range of external security support providers, including cybersecurity consultants, in evaluating, monitoring, and testing our cyber management systems and related cyber risks. The Company’s collaboration with these third parties includes threat and vulnerability assessments, incident response plan testing, company-wide monitoring of cybersecurity risks, and consultation on security enhancements.

Managing Third-Party Risk

We recognize the risks associated with the use of vendors, service providers, and other third parties that provide information system services to us, process information on our behalf, or have access to our information systems, and the Company has processes in place to oversee and manage these risks. We conduct thorough security assessments of these third-party engagements and maintain ongoing monitoring to ensure compliance with our cybersecurity standards. This monitoring includes both annual and ongoing assessments.

Risks from Cybersecurity Incidents

To our knowledge, the Company has not been subject to cybersecurity incidents that have materially affected, or are reasonably likely to materially affect, the Company, its operations, or financial standing.

GOVERNANCE

Risk Management Personnel

The Company’s cybersecurity risk management program is overseen by management at multiple levels. Under the direction of our CFO, the DIS plays a key role in assessing, monitoring, and managing the Company’s cybersecurity risks with support from Company management, external cybersecurity consultants, and dedicated information technology and security personnel. Our DIS has over 35 years of IT experience, including 30 years of specializing in cybersecurity practices. Our DIS holds numerous certifications including as an ISC2, Certified Information Systems Security Professional (CISSP), and ISACA Certified Information Security Manager (CISM). Our DIS also has extensive experience in architecting, implementing, and managing cyber security control systems including vulnerability management, endpoint detection and response (EDR), security information and event management (SIEM), email fraud defense, and identity access management (IAM) solutions.

Monitor Cybersecurity Incidents

Our DIS is continually informed and updated on the latest developments in cybersecurity, including emerging threats and innovative risk management techniques. Our Director of Technology (DIT), supported by our DIS, implements and oversees processes for the regular monitoring of our information systems. This includes the deployment of advanced security measures and regular system audits to identify potential vulnerabilities. In the event of a cybersecurity incident, the Company is equipped with a defined and practiced incident response plan, which details immediate actions to mitigate the impact and long-term strategies for remediation and prevention of future incidents.

Board of Directors Oversight

The Audit Committee of Eagle's Board is responsible for overseeing the Company’s policies and practices related to cyber risk. Based on details provided by the DIS, the Chief Financial Officer (CFO), together with the Company's third-party experts, provides the Audit Committee quarterly updates that encompass a broad range of topics, including:

In addition, the CFO provides updates to the full Board upon request, and timely updates regarding unique developments such as regulatory updates or vulnerability developments, based on details provided by the DIS.