We have a cross-departmental approach to addressing cybersecurity risk, including input from employees and our Board of Directors. The Board, Audit Committee, and senior management devote significant resources to cybersecurity and risk management processes to adapt to the changing cybersecurity landscape and respond to emerging threats in a timely and effective manner. Assessing, identifying, and managing cybersecurity related risks are integrated into our overall enterprise risk management (“ERM”) process. We have a set of Company-wide policies and procedures outlined in our Employee Handbook that directly or indirectly relate to cybersecurity risks. These policies go through an internal review process and are approved by appropriate members of management. Consistent with best practices and requirements in the Employee Handbook, the Company conducts cybersecurity training on a periodic basis which occurs at least annually. Additionally, the Company continually addresses and maintains internal controls for identity and access management, logging and monitoring activities, performing periodic penetration testing and vulnerability scanning, general IT infrastructure governance and oversight, risk and threat assessment, employee awareness training and ongoing security monitoring. The Company engages a third-party hosting platform which internally manages ongoing vulnerability scanning, threat assessment and incident response through the hosting platform providing redundancy in threat preparedness, detection and response.

We are subject to cyber incidents and will continue to be exposed to cyber incidents in the normal course of our business. Incident response plans, procedures and processes are in place to address any cyber incidents, events or occurrences. Along with our third-party hosting platform, we periodically test preparedness ensuring and appropriate response is designed for immediate application. Although, such risks have not materially affected or are reasonably unlikely to materially affect us, these risks could affect our business strategy, including financial condition, results of operations, or cash flows. The extensive approach we take to cybersecurity may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on us in the future. See Item 1A – Risk Factors for a discussion of cybersecurity risks.

The Board and Audit Committee, in conjunction with their oversight responsibility related to the ERM process and management, participates regularly in discussions with management regarding cybersecurity risks, and performs a review at least annually of the Company’s cybersecurity program. This includes discussions of management’s actions to identify and detect threats, as well as planned actions in the event of a response or recovery situation.