We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things, internal operational risks; system security risks; data protection; risks to proprietary business information; intellectual property theft; fraud; extortion; harm to employees, partners, or customers; violation of privacy or security laws and other litigation and legal risk; and reputational risks. We have implemented several cybersecurity processes, technologies, and controls to aid in our efforts to identify, assess, and manage such material risks.

To aid in identifying and assessing material risks from cybersecurity threats, our Enterprise Risk Management program considers cybersecurity risks alongside other significant company risks as part of our overall risk assessment process. We employ a range of tools and services, including regular network and endpoint monitoring and vulnerability assessments to inform our professionals’ risk identification and assessment.

We manage these known risks by using internal security controls designed to align with standards set by the International Organization for Standardization (“ISO”). In connection with the identification, assessment and management of material risks and cybersecurity threats, we also conduct the following activities at various intervals during the year:

Our cybersecurity incident response plan was developed to respond to the threat of security breaches, the threat of cyberattacks, and to protect and preserve the confidentiality, integrity, and continued availability of information owned by, or in the care of, the Company. Our incident response plan coordinates the activities that we take to prepare for, detect, respond to, and recover from cybersecurity incidents, which include processes to triage, assess severity for, escalate material cybersecurity incidents to our global crisis management plan, contain, investigate, and remediate the incident.

We regularly engage with auditors to review our cybersecurity program to help identify areas for continued focus, improvement and compliance.

In our risk factors, we describe how potential risks from cybersecurity threats may affect us, including our business strategy, results of operations, or financial condition. See our risk factor disclosures at Item 1A of this Annual Report on Form 10-K. For the fiscal year ended March 31, 2026, we are not aware of any cybersecurity incidents that have materially affected or are reasonably likely to materially affect the Company, including our business strategy, results of operations, or financial condition.

We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things, internal operational risks; system security risks; data protection; risks to proprietary business information; intellectual property theft; fraud; extortion; harm to employees, partners, or customers; violation of privacy or security laws and other litigation and legal risk; and reputational risks. We have implemented several cybersecurity processes, technologies, and controls to aid in our efforts to identify, assess, and manage such material risks.

To aid in identifying and assessing material risks from cybersecurity threats, our Enterprise Risk Management program considers cybersecurity risks alongside other significant company risks as part of our overall risk assessment process. We employ a range of tools and services, including regular network and endpoint monitoring and vulnerability assessments to inform our professionals’ risk identification and assessment.

Cybersecurity is an important part of our risk management processes and an area of focus for our Board of Directors and management. The Board has oversight responsibility for the Company’s Enterprise Risk Management framework. The Board as a whole and through the various Board committees oversees the Company’s management of material enterprise level risk, focusing on four areas of risk: strategic, compliance, operational, and financial.  To fulfill its oversight responsibility, the Board also regularly reviews, consults, and discusses with management on strategic direction, challenges, and risks faced by the Company. Board members, including members of the Audit Committee, have expertise and/or operational experience in cybersecurity matters. We are committed to maintaining

robust governance and oversight of these risks and to implementing mechanisms, controls, technologies, and processes designed to help us assess, identify, and manage these risks.

In support of the Board's oversight of the Company's cybersecurity risk management program, the Audit Committee receives quarterly cybersecurity updates from members of management. These updates include topics, such as threat risk management updates, the results of exercises and response readiness assessments, our incident response plan, and steps management has taken to respond to such threat risks, if any. Day-to-day cybersecurity risk management is led by our Senior Management Information Systems manager, who has over 10 years of information security and risk management experience.

In fiscal 2026, the Board adopted a Responsible Artificial Intelligence Policy establishing a governance framework for the ethical and secure use of AI across the organization, including a set of responsible AI principles, an approved list of AI tools, and a risk-based use case approval and inventory process overseen by management. The Board also adopted Guidelines for Responsible Use of Generative AI, which provide employees with practical guidance on the appropriate use of generative AI tools, including safeguards for the protection of confidential information, intellectual property, and personal data.

Members of the Board and Audit Committee are also encouraged to regularly engage in ad hoc conversations with management on cybersecurity-related news events and discuss any updates to our cybersecurity risk management and strategy programs.