Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

1C. Cybersecurity Risk Management and Strategy

Lunai has established a comprehensive cybersecurity risk management program aimed at safeguarding the confidentiality, integrity, and availability of our essential systems and information. Central to our cybersecurity efforts is a robust incident response plan designed to address potential cyber incidents swiftly and effectively.

In designing and evaluating our cybersecurity initiatives, we have adopted the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF 2.0) as a guiding principle. It’s important to clarify that our use of the NIST CSF 2.0 is for guidance purposes to frame our risk identification, assessment, and management processes and does not equate to compliance with any specific technical standards or requirements.

Our cybersecurity framework is seamlessly integrated broader enterprise risk management strategy, sharing methodologies, reporting mechanisms, and governance structures with other risk domains including legal, compliance, strategic, operational, and financial risks.

Key components of our cybersecurity risk management program include:

	●	Conducting risk assessments to pinpoint material cybersecurity threats to our critical systems, data, products, services, and overall IT infrastructure.

	●	A dedicated security team overseeing the risk assessment processes, maintenance of security controls, and coordination of responses to cybersecurity incidents.

	●	Engagement with external service providers to evaluate, enhance, or support our security measures.

	●	Comprehensive cybersecurity training programs for employees, incident responders, and senior management to foster a culture of security awareness.

	●	An incident response plan outlining specific procedures for managing cybersecurity incidents.

	●	A thorough third-party risk management process to evaluate and manage risks associated with service providers, suppliers, and vendors.

To date, we have not identified any cybersecurity threats or past incidents that have had, or are likely to have, a material impact on our company’s operations, business strategy, financial performance, or results of operations.

Cybersecurity Governance:

The governance of cybersecurity risks is a critical function of our Board of Directors, with the Audit Committee (the “Committee”) playing a key role in the oversight of cybersecurity and related technology risks. The Committee is tasked with monitoring the effectiveness of our cybersecurity risk management program as implemented by management.

The Committee receives regular updates from management on the state of cybersecurity risks facing the company. This includes briefings on any significant cyber incidents and ongoing risk management efforts. These updates enable the Committee to provide informed reports on cybersecurity matters to the full Board.

Our Board is actively involved in our cybersecurity oversight, receiving detailed briefings from internal technology teams or external cybersecurity experts. These sessions are part of the Board’s commitment to continuous learning and staying informed about issues critical to public companies, including cybersecurity.

The responsibility for day-to-day management of cybersecurity risks lies with our management team, including the Chief Financial Officer. This team is at the forefront of our cybersecurity initiatives, coordinating both internal and external resources to anticipate, identify, and mitigate cyber threats. Our approach includes regular updates from internal security teams, leveraging intelligence from various sources, and utilizing advanced security tools to protect our digital environment.

Cybersecurity Risk Management Processes Integrated [Text Block]

Our cybersecurity framework is seamlessly integrated broader enterprise risk management strategy, sharing methodologies, reporting mechanisms, and governance structures with other risk domains including legal, compliance, strategic, operational, and financial risks.

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Board of Directors Oversight [Text Block]

Cybersecurity Governance:

The governance of cybersecurity risks is a critical function of our Board of Directors, with the Audit Committee (the “Committee”) playing a key role in the oversight of cybersecurity and related technology risks. The Committee is tasked with monitoring the effectiveness of our cybersecurity risk management program as implemented by management.

The Committee receives regular updates from management on the state of cybersecurity risks facing the company. This includes briefings on any significant cyber incidents and ongoing risk management efforts. These updates enable the Committee to provide informed reports on cybersecurity matters to the full Board.

Our Board is actively involved in our cybersecurity oversight, receiving detailed briefings from internal technology teams or external cybersecurity experts. These sessions are part of the Board’s commitment to continuous learning and staying informed about issues critical to public companies, including cybersecurity.

The responsibility for day-to-day management of cybersecurity risks lies with our management team, including the Chief Financial Officer. This team is at the forefront of our cybersecurity initiatives, coordinating both internal and external resources to anticipate, identify, and mitigate cyber threats. Our approach includes regular updates from internal security teams, leveraging intelligence from various sources, and utilizing advanced security tools to protect our digital environment.

Cybersecurity Risk Role of Management [Text Block]

Conducting risk assessments to pinpoint material cybersecurity threats to our critical systems, data, products, services, and overall IT infrastructure.

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

This team is at the forefront of our cybersecurity initiatives, coordinating both internal and external resources to anticipate, identify, and mitigate cyber threats.