Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Our information security program is led by the Director of IT Cybersecurity and Compliance, who reports directly to the Chief Information Officer (the “CIO”). The program is aligned with the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework and the Israel National Cyber Directorate. We are also members of the New Jersey Cybersecurity and Communications Integration Cell, which enhances our industry awareness and proactive response capabilities by facilitating information sharing, identifying attack profiles, and promoting continuous improvement.

We employ a range of tools and practices to assess, monitor, and mitigate cybersecurity risks. These practices extend to third-party service providers who have access to our systems and data. At least every two years, we engage an independent third party to conduct penetration testing and risk assessments of our cybersecurity posture.

Over the past year, we have made significant progress in strengthening our cyber defense capabilities. Our Security Operations Center and Managed Detection and Response services continue to evolve and improve daily. This progress is driven by real-time incident response, continuous team development, and the incorporation of lessons learned from both internal experiences and external industry intelligence. To complement these efforts, we have implemented an advanced cyber threat intelligence process that enhances our ability to detect threat actors, anticipate emerging risks, and align our detection and prevention strategies with global threat trends.

We also maintain a robust user education and awareness program, structured around an annual plan. Key elements include:

●

Monthly cybersecurity training for all users;

●

Bi-weekly phishing simulations; and

●

A monthly interactive cyber awareness magazine.

The rapid emergence of AI technologies has had a notable impact on our operational and strategic environment. These technologies quickly entered our ecosystem, and we responded by implementing necessary user awareness programs and governance mechanisms. Responsible adoption of AI technologies remains a key focus area. Our efforts encompass raising organizational awareness, deploying suitable monitoring tools, and fostering innovation while ensuring compliance with privacy regulations and industry standards. Our program continues to evolve to ensure the safe, ethical, and compliant use of AI across the enterprise.

In parallel, we are enhancing our third-party cybersecurity and regulatory risk management framework. This includes a structured process for evaluating and monitoring external entities using standardized risk questionnaires, internal knowledge repositories, and validation procedures. These mechanisms are applied both prior to onboarding new suppliers, service providers, or technologies, and as part of periodic reviews of existing third-party relationships.

This proactive approach allows us to:

●

Identify security and compliance gaps early in the vendor lifecycle;

●

Prioritize suppliers based on their risk profile and level of exposure; and

●

Ensure that third-party engagements align with our corporate, regulatory, and contractual obligations.

Together, these measures strengthen our organizational cyber resilience, regulatory preparedness, and long-term operational integrity.

In the event of a cybersecurity or data privacy incident, our triage team evaluates the probable frequency and magnitude of potential loss. Incidents are categorized by severity and escalated to the CIO, Chief Executive Officer, and the Senior Vice President, General Counsel, and Corporate Secretary (“Legal Counsel”), who determine any additional communication or disclosure requirements. The Board of Directors is notified of high-severity incidents. Each incident is followed by a formal investigation, root cause analysis, and remediation plan. Additionally, our cyber insurance program is reviewed regularly to ensure adequate coverage in support of our layered protection model.

Cybersecurity Risk Management Processes Integrated [Text Block]

We employ a range of tools and practices to assess, monitor, and mitigate cybersecurity risks. These practices extend to third-party service providers who have access to our systems and data. At least every two years, we engage an independent third party to conduct penetration testing and risk assessments of our cybersecurity posture.

Over the past year, we have made significant progress in strengthening our cyber defense capabilities. Our Security Operations Center and Managed Detection and Response services continue to evolve and improve daily. This progress is driven by real-time incident response, continuous team development, and the incorporation of lessons learned from both internal experiences and external industry intelligence. To complement these efforts, we have implemented an advanced cyber threat intelligence process that enhances our ability to detect threat actors, anticipate emerging risks, and align our detection and prevention strategies with global threat trends.

We also maintain a robust user education and awareness program, structured around an annual plan. Key elements include:

●

Monthly cybersecurity training for all users;

●

Bi-weekly phishing simulations; and

●

A monthly interactive cyber awareness magazine.

The rapid emergence of AI technologies has had a notable impact on our operational and strategic environment. These technologies quickly entered our ecosystem, and we responded by implementing necessary user awareness programs and governance mechanisms. Responsible adoption of AI technologies remains a key focus area. Our efforts encompass raising organizational awareness, deploying suitable monitoring tools, and fostering innovation while ensuring compliance with privacy regulations and industry standards. Our program continues to evolve to ensure the safe, ethical, and compliant use of AI across the enterprise.

In parallel, we are enhancing our third-party cybersecurity and regulatory risk management framework. This includes a structured process for evaluating and monitoring external entities using standardized risk questionnaires, internal knowledge repositories, and validation procedures. These mechanisms are applied both prior to onboarding new suppliers, service providers, or technologies, and as part of periodic reviews of existing third-party relationships.

This proactive approach allows us to:

●

Identify security and compliance gaps early in the vendor lifecycle;

●

Prioritize suppliers based on their risk profile and level of exposure; and

●

Ensure that third-party engagements align with our corporate, regulatory, and contractual obligations.

Together, these measures strengthen our organizational cyber resilience, regulatory preparedness, and long-term operational integrity.

In the event of a cybersecurity or data privacy incident, our triage team evaluates the probable frequency and magnitude of potential loss. Incidents are categorized by severity and escalated to the CIO, Chief Executive Officer, and the Senior Vice President, General Counsel, and Corporate Secretary (“Legal Counsel”), who determine any additional communication or disclosure requirements. The Board of Directors is notified of high-severity incidents. Each incident is followed by a formal investigation, root cause analysis, and remediation plan. Additionally, our cyber insurance program is reviewed regularly to ensure adequate coverage in support of our layered protection model.

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

Our CIO manages our information technology systems. He has over 45 years of experience in digital systems and technology in the animal health, bio-tech pharmaceutical, pharmaceutical, and oil and gas industries. He has held multiple leadership roles driving business value for investments in digital solutions. He also spent six years as a leader within internal auditing, providing experience and wisdom in business-driven risk management.

The CIO provides periodic reports to the Board of Directors, the executive management team, and our Legal Counsel. These reports include updates on our cybersecurity risks and threats, assessments of our information security program, and any changes in the threat landscape. Our information technology systems are regularly evaluated by internal and external consultants, with the results of the review reported to the executive management team and the Board of Directors.

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

The CIO provides periodic reports to the Board of Directors, the executive management team, and our Legal Counsel. These reports include updates on our cybersecurity risks and threats, assessments of our information security program, and any changes in the threat landscape.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Our CIO manages our information technology systems. He has over 45 years of experience in digital systems and technology in the animal health, bio-tech pharmaceutical, pharmaceutical, and oil and gas industries. He has held multiple leadership roles driving business value for investments in digital solutions. He also spent six years as a leader within internal auditing, providing experience and wisdom in business-driven risk management.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true