Cybersecurity Risk Management and Strategy ; Effect of Risk

We face risks related to cybersecurity such as unauthorized access, cybersecurity attacks and other security incidents, including as perpetrated by hackers and unintentional damage or disruption to hardware and software systems, loss of data, and misappropriation of confidential information. To identify and assess material risks from cybersecurity threats, we work with a third-party cyber specialist to ensure our systems are effective and prepared for information security risks, including regular oversight of our programs for security monitoring for internal and external threats to ensure the confidentiality and integrity of our information assets. We consider risks from cybersecurity threats alongside other company risks as part of our overall risk assessment process. As discussed in more detail under “Cybersecurity Governance” below, our audit committee provides oversight of our cybersecurity risk management and strategy processes, which are led by Chief Executive Officer.

We also identify our cybersecurity threat risks by comparing our processes to standards set by the NIST, International Organization for Standardization, Center for Internet Security as well as by engaging experts to attempt to infiltrate our information systems. To provide for the availability of critical data and systems, maintain regulatory compliance, manage our material risks from cybersecurity threats, and protect against and respond to cybersecurity incidents, we undertake the following activities:

Our incident response plan coordinates the activities we take to prepare for, detect, respond to and recover from cybersecurity incidents, which include processes to triage, assess severity for, escalate, contain, investigate and remediate the incident, as well as to comply with potentially applicable legal obligations and mitigate damage to our business and reputation.

Cybersecurity is an important part of our risk management processes and an area of focus for our board of directors and management. The audit committee of our board of directors is responsible for the oversight of risks from cybersecurity threats.

On an annual basis, our audit committee receives an update from management of our cybersecurity threat risk management and strategy processes covering topics such as data security posture, results from third-party assessments, progress towards pre-determined risk-mitigation-related goals, our incident response plan, and material cybersecurity threat risks or incidents and developments, as well as the steps management has taken to respond to such risks. In such sessions, our audit committee generally receives materials discussing current cyber risks and threats specific to our organization and industry, progress and status updates on projects aimed at fortifying our information security infrastructure, comprehensive evaluations of our ongoing information security program's effectiveness, and analysis of the evolving cyber threat landscape and its potential implications for our operations. and discusses such matters with our Chief Executive Officer. Our audit committee also receives prompt and timely information regarding any cybersecurity incident that meets establishing reporting thresholds, as well as ongoing updates regarding any such incident until it has been addressed.

On an annual basis, our audit committee receives an update from management of our cybersecurity threat risk management and strategy processes covering topics such as data security posture, results from third-party assessments, progress towards pre-determined risk-mitigation-related goals, our incident response plan, and material cybersecurity threat risks or incidents and developments, as well as the steps management has taken to respond to such risks. In such sessions, our audit committee generally receives materials discussing current cyber risks and threats specific to our organization and industry, progress and status updates on projects aimed at fortifying our information security infrastructure, comprehensive evaluations of our ongoing information security program's effectiveness, and analysis of the evolving cyber threat landscape and its potential implications for our operations. and discusses such matters with our Chief Executive Officer. Our audit committee also receives prompt and timely information regarding any cybersecurity incident that meets establishing reporting thresholds, as well as ongoing updates regarding any such incident until it has been addressed.