Cybersecurity Risk Management Processes Integrated [Flag]

true

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

The Company’s cybersecurity risk management program is integrated into the overall risk management framework, including risk identification, assessment, and mitigation across all business areas. We have collaborated with third-party consultants and built a cybersecurity program designed to protect and safeguard the integrity of our information systems, which aligns with industry standards and regulatory requirements. Key components of our cybersecurity risk management and strategy include:

◾

Risk assessments, including vulnerability scans and penetration testing to identify potential system weaknesses. These are performed internally and supported by third-party consultants;

◾

Alignment of our cybersecurity framework with industry standards;

◾

Employee training and awareness: all employees receive mandatory regular cybersecurity training, with additional specialized sessions for high-risk roles. We also conduct simulated phishing exercises to enhance awareness and preparedness;

◾

Continuous monitoring and threat detection: our IT security team uses advanced tools for real-time network and system monitoring, enabling rapid detection and response to potential threats;

◾

Comprehensive cyber insurance coverage, including protection against social engineering fraud and other cyber incidents, to further mitigate potential financial losses.

We have previously experienced actual or attempted cyber-attacks on our information systems or networks; however, none of these incidents had a material impact on our operations or financial condition.

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]

false

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

The board of directors oversees the Company’s practice for assessing, identifying and managing material risks from cybersecurity threats. The Audit Committee, consisting of all of the board’s independent directors, with one member holding the CERT Certificate in Cybersecurity Oversight, reviews and discusses with management and the independent auditor on the Company’s significant financial risk exposures for matters related to cybersecurity risk, including the steps management has taken to monitor and manage such exposures.

The Company’s VP of enterprise systems and applications leads the overall cybersecurity strategy and risk management program. This role oversees development and execution of risk assessments, implementation of security policies and procedures, regular cybersecurity training for our employees, and leadership of the IT security team and coordination with third-party consultants.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

The Audit Committee, consisting of all of the board’s independent directors, with one member holding the CERT Certificate in Cybersecurity Oversight, reviews and discusses with management and the independent auditor on the Company’s significant financial risk exposures for matters related to cybersecurity risk, including the steps management has taken to monitor and manage such exposures.

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

The Company’s VP of enterprise systems and applications leads the overall cybersecurity strategy and risk management program. This role oversees development and execution of risk assessments, implementation of security policies and procedures, regular cybersecurity training for our employees, and leadership of the IT security team and coordination with third-party consultants.

Senior executives, including the Company’s CEO and CFO, integrate cybersecurity risks into the overall business strategy and financial planning. The VP and IT security team provide regular reports to senior management on the Company’s identified vulnerabilities, progress on cybersecurity initiatives and remediation efforts, and details of ongoing incidents. Management notifies the board of directors when significant incidents occur and provides the Audit Committee with quarterly updates on the Company’s cybersecurity practices.

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Senior executives, including the Company’s CEO and CFO, integrate cybersecurity risks into the overall business strategy and financial planning. The VP and IT security team provide regular reports to senior management on the Company’s identified vulnerabilities, progress on cybersecurity initiatives and remediation efforts, and details of ongoing incidents. Management notifies the board of directors when significant incidents occur and provides the Audit Committee with quarterly updates on the Company’s cybersecurity practices.

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true